Internet Explorer http://websearch.mocaflix.com/ [Solved]


  • This topic is locked

#1
Merton

    New Member

  • Member
  • 5 posts
Hello,

My computer has been having trouble with Internet Explorer. When starting Internet Explorer, I am taken to this URL: http://websearch.mocaflix.com/ even though that is not my home page. I have tried to change my home page with no success. This page is usually blank and I can not leave the page by typing a link in the URL box. However, sometimes there is a box in the middle of the page that I can type in. When typing here, I am brought to Yahoo search results for whatever I just typed.

When my computer first started acting up, there was a program on my desktop that I did not put there called Optimizer. There was also an installer called Dnd. I used the basic uninstaller in the Control Panel to uninstall Optimizer, and then deleted Dnd. I have also run multiple Norton scans, which turned up nothing, Norton temporary file cleaner and a few Malwarebytes scans, which did find and remove a total of three threats. I have tried resetting IE to its default settings by using the Network and Sharing Center, as the Internet Explorer tools drop-down menu has everything greyed out and unselectable. Resetting IE did not have any noticeable effect.

The problems started when I downloaded something that was linked to on a chat group I frequent.

This is all the information that I can think of at the moment. I was not able to download OTL on this computer, but I got it onto this computer by downloading it on another computer and putting it on a USB memory. Here are the OTL scan results.


OTL logfile created on: 12/5/2012 9:25:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 61.49% Memory free
12.15 Gb Paging File | 9.78 Gb Available in Paging File | 80.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.11 Gb Total Space | 3.84 Gb Free Space | 0.66% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 3.80 Gb Free Space | 25.33% Space Free | Partition Type: NTFS
Drive F: | 1.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 1.86 Gb Total Space | 0.00 Gb Free Space | 0.16% Space Free | Partition Type: FAT32

Computer Name: JULIA-PC | User Name: Julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/05 21:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/01/05 16:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 16:19:10 | 000,480,496 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
PRC - [2008/11/03 08:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/06/06 14:34:48 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/05 16:58:23 | 000,128,000 | ---- | M] () -- C:\ProgramData\SaveAs\50bfc37f351d6.ocx
MOD - [2012/12/05 16:55:45 | 000,128,000 | ---- | M] () -- C:\ProgramData\SaveAs\50bfc2e1eb165.ocx
MOD - [2012/11/15 11:42:30 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012/11/15 11:41:20 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7844c1ae91c8f584025756ad72e65176\System.Web.Services.ni.dll
MOD - [2012/11/15 11:40:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012/11/15 11:39:04 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012/11/15 11:38:53 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/11/15 11:38:47 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/11/15 11:37:35 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/15 11:37:23 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012/10/11 05:54:00 | 000,427,520 | ---- | M] () -- c:\Program Files (x86)\MocaFlix\sprotector.dll
MOD - [2008/11/03 08:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2008/11/03 08:54:00 | 000,262,384 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2008/11/03 08:54:00 | 000,132,336 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2008/11/03 08:54:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2008/11/03 08:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2008/11/03 08:54:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2007/03/29 15:47:00 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/24 12:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/09/24 12:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/09/24 12:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 05:03:36 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/08/28 14:33:32 | 000,154,352 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV:64bit: - [2009/03/16 15:27:20 | 000,211,968 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/12/22 02:37:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/12/07 00:52:36 | 000,191,896 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/03 23:18:15 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/05 16:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/06/11 16:44:09 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 20:37:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/09 05:03:32 | 000,143,464 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/08/05 13:02:56 | 000,144,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 09:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/09/16 09:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/09/16 09:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 09:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/16 16:34:24 | 005,203,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009/03/16 16:34:24 | 005,203,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/02/20 00:18:02 | 000,110,096 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2008/12/22 02:37:14 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/09/28 07:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2008/09/28 03:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/06/18 15:48:54 | 000,029,184 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:64bit: - [2008/05/23 15:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/04/08 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/08/15 22:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/12 20:39:21 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121205.002\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 20:38:59 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121205.002\eng64.sys -- (NAVENG)
DRV - [2012/08/31 19:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121204.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/10 18:44:07 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/10 18:44:07 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/06/26 21:10:38 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice...b&orig=IMC-IEDS
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBS_en
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\ [2010/04/25 17:18:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 08:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/31 08:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/12/05 19:48:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/10 14:06:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O2 - BHO: (SaveAs Class) - {34E272A9-FD41-CFC6-4ECE-77A2D7BD08D1} - C:\ProgramData\SaveAs\50bfc37f351d6.ocx ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SaveAs Class) - {DC46CCB4-B719-C2AB-8A54-466307929AE0} - C:\ProgramData\SaveAs\50bfc2e1eb165.ocx ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [EverioService] C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [iClippy] C:\Program Files (x86)\iClippy\iClippy.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; MDDC; .NET CLR 3.5.30729; .NET CLR 3.0.30618; Zune 4.0)" -"http://www.chem.iast.../CuZncell.html" File not found
O4 - Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4686BD6F-9EBB-41FF-9246-B9722A715C43}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99C544C8-1534-4A9F-9D0B-EAE7A1209794}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA2D3788-0C99-460A-B1D1-AE06EF2E6D26}: DhcpNameServer = 192.168.1.1 68.238.112.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Julia\Pictures\Pretties\love.jpg
O24 - Desktop BackupWallPaper: C:\Users\Julia\Pictures\Pretties\love.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b367c88f-7322-11e0-8377-0024e807bd7a}\Shell - "" = AutoRun
O33 - MountPoints2\{b367c88f-7322-11e0-8377-0024e807bd7a}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/05 21:24:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
[2012/12/05 16:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/12/05 16:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012/12/05 16:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012/12/05 16:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012/12/05 16:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2012/12/05 16:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/12/05 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{9E127D3C-A0C6-4A51-9749-BC4FD53C6D30}
[2012/12/04 10:30:13 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{0A329F27-ADDF-4F56-B929-7FEBFA86F449}
[2012/12/03 08:18:57 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{452CDB73-1A02-4ACD-946B-EFDDFD9EAC99}
[2012/12/02 11:29:37 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{4457A874-6ECB-4CF2-BE84-B9CEB04DCFB2}
[2012/12/01 11:08:21 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{259109EB-DF1C-42FA-9355-DFD2B85ACD9A}
[2012/11/30 10:42:01 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{E543B11A-4745-4BE6-BAC5-ABC5B47D8E8D}
[2012/11/29 08:48:15 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{B4EEE24B-CC4E-4EDD-B8B2-A7A318FE5394}
[2012/11/29 08:28:06 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{9C98CCFE-4740-4451-AD4A-F17A256ECB8A}
[2012/11/28 08:52:29 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{05087C27-C152-479F-8F1A-D9635B12108C}
[2012/11/27 23:33:23 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\college app stuff
[2012/11/27 15:17:23 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{DD4B0F08-233E-4109-8EEC-963512F05E02}
[2012/11/26 08:06:40 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{0D7DF274-E032-4582-A384-CB2034EFBA3E}
[2012/11/25 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{B806657A-362A-4EB0-B28A-B0EF17357975}
[2012/11/24 11:36:48 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{CF33F632-1F08-4C76-ABED-63535E261BD7}
[2012/11/23 10:09:27 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{4ACA92F4-5675-4DE2-9D6E-FFE63CCCD1E4}
[2012/11/22 14:56:26 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/11/22 14:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/22 14:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/22 10:22:30 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{1055828D-EE84-4EF1-92D7-67443E0841DD}
[2012/11/21 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{36B7B54D-E867-4B6E-9CC9-704939EFDC4C}
[2012/11/20 19:47:35 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\Vocal mic misc
[2012/11/20 10:37:09 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{E73BB56E-CDF4-4F5A-890C-FBB7CDA57A99}
[2012/11/19 08:04:12 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{60E16C1D-6F7F-4028-A69E-2004F4FDAEEC}
[2012/11/18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{645784DF-F20D-410C-A156-71441828391D}
[2012/11/17 09:52:30 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{D0CE18A2-53BC-4C2E-BCD5-AA0C78A5EF1D}
[2012/11/16 09:46:27 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{329BCF20-97A7-4182-AE0C-F5E53ABC3762}
[2012/11/15 11:37:21 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{D3AB88ED-2461-4479-85BE-1A573686B48F}
[2012/11/14 09:01:43 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{9D60F2E1-1BE4-41E4-A08C-99E5B08F3A37}
[2012/11/13 09:17:25 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{DFD7EED8-04DB-4659-88E3-0B4E9BD86B62}
[2012/11/12 08:14:29 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{1AABC7C1-DCC9-4E97-A338-D11365972988}
[2012/11/11 11:30:47 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{72F9F083-45C3-4FBC-979C-BB8CE1079DC7}
[2012/11/10 10:36:30 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{6047F064-C58A-4E20-A67D-3256283FC2B4}
[2012/11/09 14:38:35 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{C9A1678E-9531-4BD7-8A22-DFDA851C5CB6}
[2012/11/08 11:25:47 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{4559784E-7462-4B82-BD68-0E460248B146}
[2012/11/07 21:15:48 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{A7A8AEC4-EEF6-43CC-A69D-013BECDB7168}
[2012/11/06 10:44:40 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{A3ACDF67-C961-4E48-8E8D-32CE5FCE25AA}
[2009/04/14 11:16:27 | 003,190,688 | ---- | C] (Piriform Ltd) -- C:\Users\Julia\ccsetup218.exe
[1 C:\Users\Julia\*.tmp files -> C:\Users\Julia\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/05 21:27:32 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/05 21:27:32 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/05 21:27:32 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/05 21:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
[2012/12/05 20:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/05 19:48:38 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/05 19:48:33 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/05 19:48:33 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/05 19:48:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/05 19:48:20 | 2138,234,879 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/05 19:41:38 | 000,007,052 | ---- | M] () -- C:\Users\Julia\AppData\Local\d3d9caps.dat
[2012/12/05 17:40:37 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/05 17:36:09 | 000,002,322 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/12/05 14:43:38 | 000,096,072 | ---- | M] () -- C:\Users\Julia\Desktop\Fae LL.jpg
[2012/11/22 14:56:26 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/15 11:31:24 | 000,364,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Julia\*.tmp files -> C:\Users\Julia\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/05 17:40:37 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/05 13:04:27 | 000,096,072 | ---- | C] () -- C:\Users\Julia\Desktop\Fae LL.jpg
[2012/08/15 09:56:18 | 000,007,052 | ---- | C] () -- C:\Users\Julia\AppData\Local\d3d9caps.dat
[2011/05/12 14:06:37 | 000,001,940 | ---- | C] () -- C:\Users\Julia\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/02/26 23:31:39 | 000,011,396 | -HS- | C] () -- C:\Users\Julia\AppData\Local\3363AB316jO
[2010/02/17 13:38:52 | 000,010,524 | -HS- | C] () -- C:\Users\Julia\AppData\Local\LH4VG4
[2010/02/08 09:40:15 | 000,053,248 | ---- | C] () -- C:\Users\Julia\lametritonus_en.dll
[2010/02/08 09:40:14 | 000,162,304 | ---- | C] () -- C:\Users\Julia\lame_enc_en.dll
[2009/12/09 20:20:03 | 004,277,027 | ---- | C] () -- C:\Users\Julia\Collab.wbd
[2009/04/21 08:26:35 | 000,249,344 | ---- | C] () -- C:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/15 16:27:31 | 000,000,732 | ---- | C] () -- C:\Users\Julia\AppData\Local\d3d9caps64.dat
[2009/04/14 11:23:03 | 002,817,354 | ---- | C] () -- C:\Users\Julia\DCProSetup_15.zip
[2008/03/24 09:47:02 | 000,000,012 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\userdic.tlx

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/12 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Acoustica
[2012/04/11 11:34:12 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Aegisub
[2012/11/29 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Audacity
[2009/06/01 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Design Science
[2012/12/05 19:50:49 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Dropbox
[2009/10/12 08:41:39 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Elluminate
[2010/02/27 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\fltk.org
[2010/11/14 19:50:13 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\iClippy
[2009/06/06 13:39:55 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Image Zone Express
[2009/10/31 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\MPEG Streamclip
[2010/11/25 13:04:08 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\NCH Swift Sound
[2009/05/30 19:12:52 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Printer Info Cache
[2009/06/03 22:17:17 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Quicken Legal Business Pro
[2009/06/03 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Quicken WillMaker
[2012/06/20 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\RenPy
[2010/01/05 12:19:12 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Walgreens

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


Thank you for your time.

#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let me know if this fixes it.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice...b&orig=IMC-IEDS
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
O2 - BHO: (SaveAs Class) - {34E272A9-FD41-CFC6-4ECE-77A2D7BD08D1} - C:\ProgramData\SaveAs\50bfc37f351d6.ocx ()
O2 - BHO: (SaveAs Class) - {DC46CCB4-B719-C2AB-8A54-466307929AE0} - C:\ProgramData\SaveAs\50bfc2e1eb165.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
[2012/12/05 16:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012/12/05 16:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012/12/05 16:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2010/02/26 23:31:39 | 000,011,396 | -HS- | C] () -- C:\Users\Julia\AppData\Local\3363AB316jO
[2010/02/17 13:38:52 | 000,010,524 | -HS- | C] () -- C:\Users\Julia\AppData\Local\LH4VG4
[2012/12/05 16:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#3
Merton


    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OK, I put that code through OTL. When I copied it in, it didn't look as organized as you have it here in the forums, though. It took about one second to finish and then had me restart my computer. When my computer finished restarting, a notepad was open with this information in it:

All processes killed
Error: Unable to interpret <:OTLIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...{searchTerms}IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice...orig=IMC-IEDSIE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...{searchTerms}FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)O2 - BHO: (SaveAs Class) - {34E272A9-FD41-CFC6-4ECE-77A2D7BD08D1} - C:\ProgramData\SaveAs\50bfc37f351d6.ocx ()O2 - BHO: (SaveAs Class) - {DC46CCB4-B719-C2AB-8A54-466307929AE0} - C:\ProgramData\SaveAs\50bfc2e1eb165.ocx ()O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll > in the current context!
Error: Unable to interpret <()[2012/12/05 16:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix[2012/12/05 16:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs[2012/12/05 16:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs[2010/02/26 23:31:39 | 000,011,396 | -HS- | C] () -- C:\Users\Julia\AppData\Local\3363AB316jO[2010/02/17 13:38:52 | 000,010,524 | -HS- | C] () -- C:\Users\Julia\AppData\Local\LH4VG4[2012/12/05 16:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate:Commands[resethosts][emptytemp][CREATERESTOREPOINT][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 12062012_125004

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




Internet Explorer is still having trouble. Here are the results of the Quick Scan I did after I restarted my computer.

OTL logfile created on: 12/6/2012 12:58:54 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.30 Gb Available Physical Memory | 71.85% Memory free
12.09 Gb Paging File | 10.44 Gb Available in Paging File | 86.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.11 Gb Total Space | 3.55 Gb Free Space | 0.61% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 3.80 Gb Free Space | 25.33% Space Free | Partition Type: NTFS
Drive F: | 1.11 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 1.86 Gb Total Space | 0.00 Gb Free Space | 0.16% Space Free | Partition Type: FAT32

Computer Name: JULIA-PC | User Name: Julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/05 21:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/01/05 16:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 16:19:10 | 000,480,496 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/06/06 14:34:48 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/05 16:58:23 | 000,128,000 | ---- | M] () -- C:\ProgramData\SaveAs\50bfc37f351d6.ocx
MOD - [2012/12/05 16:55:45 | 000,128,000 | ---- | M] () -- C:\ProgramData\SaveAs\50bfc2e1eb165.ocx
MOD - [2012/10/11 05:54:00 | 000,427,520 | ---- | M] () -- c:\Program Files (x86)\MocaFlix\sprotector.dll
MOD - [2007/03/29 15:47:00 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/24 12:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/09/24 12:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/09/24 12:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 05:03:36 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/08/28 14:33:32 | 000,154,352 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV:64bit: - [2009/03/16 15:27:20 | 000,211,968 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/12/22 02:37:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/12/07 00:52:36 | 000,191,896 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/03 23:18:15 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/05 16:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/06/11 16:44:09 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 20:37:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/09 05:03:32 | 000,143,464 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/08/05 13:02:56 | 000,144,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 09:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/09/16 09:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/09/16 09:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 09:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/16 16:34:24 | 005,203,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009/03/16 16:34:24 | 005,203,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/02/20 00:18:02 | 000,110,096 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2008/12/22 02:37:14 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/09/28 07:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2008/09/28 03:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/06/18 15:48:54 | 000,029,184 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:64bit: - [2008/05/23 15:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/04/08 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/08/15 22:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/12 20:39:21 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121205.002\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 20:38:59 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121205.002\eng64.sys -- (NAVENG)
DRV - [2012/08/31 19:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121204.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/10 18:44:07 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/10 18:44:07 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/06/26 21:10:38 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice...b&orig=IMC-IEDS
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBS_en
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.moc...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\ [2010/04/25 17:18:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 08:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/31 08:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/12/06 12:53:03 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/10 14:06:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O2 - BHO: (SaveAs Class) - {34E272A9-FD41-CFC6-4ECE-77A2D7BD08D1} - C:\ProgramData\SaveAs\50bfc37f351d6.ocx ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SaveAs Class) - {DC46CCB4-B719-C2AB-8A54-466307929AE0} - C:\ProgramData\SaveAs\50bfc2e1eb165.ocx ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [EverioService] C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [iClippy] C:\Program Files (x86)\iClippy\iClippy.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; MDDC; .NET CLR 3.5.30729; .NET CLR 3.0.30618; Zune 4.0)" -"http://www.chem.iast.../CuZncell.html" File not found
O4 - Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4686BD6F-9EBB-41FF-9246-B9722A715C43}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99C544C8-1534-4A9F-9D0B-EAE7A1209794}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA2D3788-0C99-460A-B1D1-AE06EF2E6D26}: DhcpNameServer = 192.168.1.1 68.238.112.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Julia\Pictures\Pretties\love.jpg
O24 - Desktop BackupWallPaper: C:\Users\Julia\Pictures\Pretties\love.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b367c88f-7322-11e0-8377-0024e807bd7a}\Shell - "" = AutoRun
O33 - MountPoints2\{b367c88f-7322-11e0-8377-0024e807bd7a}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/06 12:50:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/06 12:44:46 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{D961173C-5C11-48C8-9AF6-4A74F08AE13A}
[2012/12/05 21:24:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
[2012/12/05 16:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/12/05 16:54:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012/12/05 16:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012/12/05 16:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012/12/05 16:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2012/12/05 16:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/12/05 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{9E127D3C-A0C6-4A51-9749-BC4FD53C6D30}
[2012/12/04 10:30:13 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{0A329F27-ADDF-4F56-B929-7FEBFA86F449}
[2012/12/03 08:18:57 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{452CDB73-1A02-4ACD-946B-EFDDFD9EAC99}
[2012/12/02 11:29:37 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{4457A874-6ECB-4CF2-BE84-B9CEB04DCFB2}
[2012/12/01 11:08:21 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{259109EB-DF1C-42FA-9355-DFD2B85ACD9A}
[2012/11/30 10:42:01 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{E543B11A-4745-4BE6-BAC5-ABC5B47D8E8D}
[2012/11/29 08:48:15 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{B4EEE24B-CC4E-4EDD-B8B2-A7A318FE5394}
[2012/11/29 08:28:06 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{9C98CCFE-4740-4451-AD4A-F17A256ECB8A}
[2012/11/28 08:52:29 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{05087C27-C152-479F-8F1A-D9635B12108C}
[2012/11/27 23:33:23 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\college app stuff
[2012/11/27 15:17:23 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{DD4B0F08-233E-4109-8EEC-963512F05E02}
[2012/11/26 08:06:40 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{0D7DF274-E032-4582-A384-CB2034EFBA3E}
[2012/11/25 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{B806657A-362A-4EB0-B28A-B0EF17357975}
[2012/11/24 11:36:48 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{CF33F632-1F08-4C76-ABED-63535E261BD7}
[2012/11/23 10:09:27 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{4ACA92F4-5675-4DE2-9D6E-FFE63CCCD1E4}
[2012/11/22 14:56:26 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/11/22 14:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/22 14:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/22 10:22:30 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{1055828D-EE84-4EF1-92D7-67443E0841DD}
[2012/11/21 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{36B7B54D-E867-4B6E-9CC9-704939EFDC4C}
[2012/11/20 19:47:35 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\Vocal mic misc
[2012/11/20 10:37:09 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{E73BB56E-CDF4-4F5A-890C-FBB7CDA57A99}
[2012/11/19 08:04:12 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{60E16C1D-6F7F-4028-A69E-2004F4FDAEEC}
[2012/11/18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{645784DF-F20D-410C-A156-71441828391D}
[2012/11/17 09:52:30 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{D0CE18A2-53BC-4C2E-BCD5-AA0C78A5EF1D}
[2012/11/16 09:46:27 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{329BCF20-97A7-4182-AE0C-F5E53ABC3762}
[2012/11/15 11:37:21 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{D3AB88ED-2461-4479-85BE-1A573686B48F}
[2012/11/14 09:01:43 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{9D60F2E1-1BE4-41E4-A08C-99E5B08F3A37}
[2012/11/13 09:17:25 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{DFD7EED8-04DB-4659-88E3-0B4E9BD86B62}
[2012/11/12 08:14:29 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{1AABC7C1-DCC9-4E97-A338-D11365972988}
[2012/11/11 11:30:47 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{72F9F083-45C3-4FBC-979C-BB8CE1079DC7}
[2012/11/10 10:36:30 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{6047F064-C58A-4E20-A67D-3256283FC2B4}
[2012/11/09 14:38:35 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{C9A1678E-9531-4BD7-8A22-DFDA851C5CB6}
[2012/11/08 11:25:47 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{4559784E-7462-4B82-BD68-0E460248B146}
[2012/11/07 21:15:48 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{A7A8AEC4-EEF6-43CC-A69D-013BECDB7168}
[2009/04/14 11:16:27 | 003,190,688 | ---- | C] (Piriform Ltd) -- C:\Users\Julia\ccsetup218.exe
[1 C:\Users\Julia\*.tmp files -> C:\Users\Julia\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/06 12:59:32 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/06 12:59:32 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/06 12:59:32 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/06 12:53:10 | 000,007,052 | ---- | M] () -- C:\Users\Julia\AppData\Local\d3d9caps.dat
[2012/12/06 12:52:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/06 12:52:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 12:52:37 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 12:52:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/06 12:52:23 | 2138,234,879 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/05 21:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/05 21:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
[2012/12/05 17:40:37 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/05 17:36:09 | 000,002,322 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/12/05 14:43:38 | 000,096,072 | ---- | M] () -- C:\Users\Julia\Desktop\Fae LL.jpg
[2012/11/22 14:56:26 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/15 11:31:24 | 000,364,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Julia\*.tmp files -> C:\Users\Julia\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/05 17:40:37 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/05 13:04:27 | 000,096,072 | ---- | C] () -- C:\Users\Julia\Desktop\Fae LL.jpg
[2012/08/15 09:56:18 | 000,007,052 | ---- | C] () -- C:\Users\Julia\AppData\Local\d3d9caps.dat
[2011/05/12 14:06:37 | 000,001,940 | ---- | C] () -- C:\Users\Julia\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/02/26 23:31:39 | 000,011,396 | -HS- | C] () -- C:\Users\Julia\AppData\Local\3363AB316jO
[2010/02/17 13:38:52 | 000,010,524 | -HS- | C] () -- C:\Users\Julia\AppData\Local\LH4VG4
[2010/02/08 09:40:15 | 000,053,248 | ---- | C] () -- C:\Users\Julia\lametritonus_en.dll
[2010/02/08 09:40:14 | 000,162,304 | ---- | C] () -- C:\Users\Julia\lame_enc_en.dll
[2009/12/09 20:20:03 | 004,277,027 | ---- | C] () -- C:\Users\Julia\Collab.wbd
[2009/04/21 08:26:35 | 000,249,344 | ---- | C] () -- C:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/15 16:27:31 | 000,000,732 | ---- | C] () -- C:\Users\Julia\AppData\Local\d3d9caps64.dat
[2009/04/14 11:23:03 | 002,817,354 | ---- | C] () -- C:\Users\Julia\DCProSetup_15.zip
[2008/03/24 09:47:02 | 000,000,012 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\userdic.tlx

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/12 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Acoustica
[2012/04/11 11:34:12 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Aegisub
[2012/11/29 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Audacity
[2009/06/01 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Design Science
[2012/12/06 12:54:35 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Dropbox
[2009/10/12 08:41:39 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Elluminate
[2010/02/27 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\fltk.org
[2010/11/14 19:50:13 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\iClippy
[2009/06/06 13:39:55 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Image Zone Express
[2009/10/31 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\MPEG Streamclip
[2010/11/25 13:04:08 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\NCH Swift Sound
[2009/05/30 19:12:52 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Printer Info Cache
[2009/06/03 22:17:17 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Quicken Legal Business Pro
[2009/06/03 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Quicken WillMaker
[2012/06/20 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\RenPy
[2010/01/05 12:19:12 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Walgreens

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


Thank you for your time.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try again. Download the attached fix.txt to your desktop.
[attachment=61868:fix.txt]

Run OTL and press the fix button
A popup will ask for the location of Fix.txt
Select the file you downloaded and press run fix again

On completion please run a fresh quick scan

#5
Merton

    New Member

  • Topic Starter
  • Member
  • 5 posts
This looks better. When my computer restarted and I brought up Internet Explorer it actually went to Google.com rather than http://websearch.mocaflix.com. I was also able to just type geekstogo.com in the address bar to get here.

Here is the information that was up when my computer restarted:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin\ deleted successfully.
C:\Program Files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34E272A9-FD41-CFC6-4ECE-77A2D7BD08D1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34E272A9-FD41-CFC6-4ECE-77A2D7BD08D1}\ deleted successfully.
C:\ProgramData\SaveAs\50bfc37f351d6.ocx moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC46CCB4-B719-C2AB-8A54-466307929AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC46CCB4-B719-C2AB-8A54-466307929AE0}\ deleted successfully.
C:\ProgramData\SaveAs\50bfc2e1eb165.ocx moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\mocaflix\sprote~1.dll deleted successfully.
c:\Program Files (x86)\MocaFlix\sprotector.dll moved successfully.
C:\Program Files (x86)\MocaFlix folder moved successfully.
C:\ProgramData\SaveAs folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs folder moved successfully.
C:\Users\Julia\AppData\Local\3363AB316jO moved successfully.
C:\Users\Julia\AppData\Local\LH4VG4 moved successfully.
C:\ProgramData\InstallMate\{AED17F54-1CC1-D45D-36B6-54E375325DA2}\147CEF708944B500 folder moved successfully.
C:\ProgramData\InstallMate\{AED17F54-1CC1-D45D-36B6-54E375325DA2} folder moved successfully.
C:\ProgramData\InstallMate\{330A741B-EAE7-2ED8-CC33-A2C5E8E956ED}\147CEF708944B500 folder moved successfully.
C:\ProgramData\InstallMate\{330A741B-EAE7-2ED8-CC33-A2C5E8E956ED} folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Julia
->Temp folder emptied: 240179 bytes
->Temporary Internet Files folder emptied: 6409240 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2916414 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44521 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35803938 bytes
RecycleBin emptied: 6331656 bytes

Total Files Cleaned = 49.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 12062012_145146

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




And here is the information from the quick scan:

OTL logfile created on: 12/6/2012 3:24:30 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julia\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.05 Gb Available Physical Memory | 67.54% Memory free
12.09 Gb Paging File | 10.15 Gb Available in Paging File | 83.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.11 Gb Total Space | 4.45 Gb Free Space | 0.77% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 3.80 Gb Free Space | 25.33% Space Free | Partition Type: NTFS
Drive F: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.80% Space Free | Partition Type: UDF
Drive K: | 1.86 Gb Total Space | 0.00 Gb Free Space | 0.16% Space Free | Partition Type: FAT32

Computer Name: JULIA-PC | User Name: Julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/05 21:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccsvchst.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2009/01/05 16:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 16:19:10 | 000,480,496 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
PRC - [2008/11/03 08:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/06/06 14:34:48 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 11:42:30 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012/11/15 11:41:20 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7844c1ae91c8f584025756ad72e65176\System.Web.Services.ni.dll
MOD - [2012/11/15 11:40:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012/11/15 11:39:04 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012/11/15 11:38:53 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/11/15 11:38:47 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/11/15 11:37:35 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/15 11:37:23 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2008/11/03 08:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2008/11/03 08:54:00 | 000,262,384 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2008/11/03 08:54:00 | 000,132,336 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2008/11/03 08:54:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2008/11/03 08:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2008/11/03 08:54:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2007/03/29 15:47:00 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PCM4Everio\Kernel\common\CLEverioDetector.dll
MOD - [2006/12/10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006/12/10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Program Files (x86)\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/24 12:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/09/24 12:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/09/24 12:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 05:03:36 | 000,099,048 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/08/28 14:33:32 | 000,154,352 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV:64bit: - [2009/03/16 15:27:20 | 000,211,968 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/12/22 02:37:34 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/12/07 00:52:36 | 000,191,896 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/04/03 23:18:15 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/05 16:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/06/11 16:44:09 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 20:37:49 | 000,432,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2011/03/30 22:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2011/03/30 22:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2011/03/14 21:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2011/01/27 01:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2010/11/15 20:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/09 05:03:32 | 000,143,464 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2010/08/05 13:02:56 | 000,144,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/16 09:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/09/16 09:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/09/16 09:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 09:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/03/16 16:34:24 | 005,203,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2009/03/16 16:34:24 | 005,203,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/02/20 00:18:02 | 000,110,096 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2008/12/22 02:37:14 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/09/28 07:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2008/09/28 03:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/06/18 15:48:54 | 000,029,184 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:64bit: - [2008/05/23 15:54:38 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2008/04/08 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/08/15 22:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/12 20:39:21 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121206.003\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 20:38:59 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20121206.003\eng64.sys -- (NAVENG)
DRV - [2012/08/31 19:27:23 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20121204.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/10 18:44:07 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/10 18:44:07 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/06/26 21:10:38 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADBS_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\ [2010/04/25 17:18:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 08:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/01/31 08:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_13_2 [2012/12/06 15:16:29 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/12/06 14:51:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files (x86)\MySpace\Toolbar\1.0.72.0\MySpaceToolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [EverioService] C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [iClippy] C:\Program Files (x86)\iClippy\iClippy.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB6.4; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; MDDC; .NET CLR 3.5.30729; .NET CLR 3.0.30618; Zune 4.0)" -"http://www.chem.iast.../CuZncell.html" File not found
O4 - Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.72.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.112.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4686BD6F-9EBB-41FF-9246-B9722A715C43}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99C544C8-1534-4A9F-9D0B-EAE7A1209794}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA2D3788-0C99-460A-B1D1-AE06EF2E6D26}: DhcpNameServer = 192.168.1.1 68.238.112.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Julia\Pictures\Pretties\love.jpg
O24 - Desktop BackupWallPaper: C:\Users\Julia\Pictures\Pretties\love.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b367c88f-7322-11e0-8377-0024e807bd7a}\Shell - "" = AutoRun
O33 - MountPoints2\{b367c88f-7322-11e0-8377-0024e807bd7a}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/06 12:50:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/12/06 12:44:46 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{D961173C-5C11-48C8-9AF6-4A74F08AE13A}
[2012/12/05 21:24:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
[2012/12/05 16:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/12/05 16:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2012/12/05 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{9E127D3C-A0C6-4A51-9749-BC4FD53C6D30}
[2012/12/04 10:30:13 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{0A329F27-ADDF-4F56-B929-7FEBFA86F449}
[2012/12/03 08:18:57 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{452CDB73-1A02-4ACD-946B-EFDDFD9EAC99}
[2012/12/02 11:29:37 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{4457A874-6ECB-4CF2-BE84-B9CEB04DCFB2}
[2012/12/01 11:08:21 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{259109EB-DF1C-42FA-9355-DFD2B85ACD9A}
[2012/11/30 10:42:01 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{E543B11A-4745-4BE6-BAC5-ABC5B47D8E8D}
[2012/11/29 08:48:15 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{B4EEE24B-CC4E-4EDD-B8B2-A7A318FE5394}
[2012/11/29 08:28:06 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{9C98CCFE-4740-4451-AD4A-F17A256ECB8A}
[2012/11/28 08:52:29 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{05087C27-C152-479F-8F1A-D9635B12108C}
[2012/11/27 23:33:23 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\college app stuff
[2012/11/27 15:17:23 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{DD4B0F08-233E-4109-8EEC-963512F05E02}
[2012/11/26 08:06:40 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{0D7DF274-E032-4582-A384-CB2034EFBA3E}
[2012/11/25 10:57:53 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{B806657A-362A-4EB0-B28A-B0EF17357975}
[2012/11/24 11:36:48 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{CF33F632-1F08-4C76-ABED-63535E261BD7}
[2012/11/23 10:09:27 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{4ACA92F4-5675-4DE2-9D6E-FFE63CCCD1E4}
[2012/11/22 14:56:26 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/11/22 14:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/22 14:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/11/22 10:22:30 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{1055828D-EE84-4EF1-92D7-67443E0841DD}
[2012/11/21 11:20:17 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{36B7B54D-E867-4B6E-9CC9-704939EFDC4C}
[2012/11/20 19:47:35 | 000,000,000 | ---D | C] -- C:\Users\Julia\Desktop\Vocal mic misc
[2012/11/20 10:37:09 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{E73BB56E-CDF4-4F5A-890C-FBB7CDA57A99}
[2012/11/19 08:04:12 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{60E16C1D-6F7F-4028-A69E-2004F4FDAEEC}
[2012/11/18 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{645784DF-F20D-410C-A156-71441828391D}
[2012/11/17 09:52:30 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{D0CE18A2-53BC-4C2E-BCD5-AA0C78A5EF1D}
[2012/11/16 09:46:27 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{329BCF20-97A7-4182-AE0C-F5E53ABC3762}
[2012/11/15 11:37:21 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{D3AB88ED-2461-4479-85BE-1A573686B48F}
[2012/11/14 09:01:43 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{9D60F2E1-1BE4-41E4-A08C-99E5B08F3A37}
[2012/11/13 09:17:25 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{DFD7EED8-04DB-4659-88E3-0B4E9BD86B62}
[2012/11/12 08:14:29 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{1AABC7C1-DCC9-4E97-A338-D11365972988}
[2012/11/11 11:30:47 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{72F9F083-45C3-4FBC-979C-BB8CE1079DC7}
[2012/11/10 10:36:30 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{6047F064-C58A-4E20-A67D-3256283FC2B4}
[2012/11/09 14:38:35 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{C9A1678E-9531-4BD7-8A22-DFDA851C5CB6}
[2012/11/08 11:25:47 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{4559784E-7462-4B82-BD68-0E460248B146}
[2012/11/07 21:15:48 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\{A7A8AEC4-EEF6-43CC-A69D-013BECDB7168}
[2009/04/14 11:16:27 | 003,190,688 | ---- | C] (Piriform Ltd) -- C:\Users\Julia\ccsetup218.exe
[1 C:\Users\Julia\*.tmp files -> C:\Users\Julia\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/06 15:23:10 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/06 15:23:10 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/06 15:23:10 | 000,104,202 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/06 15:15:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 15:15:44 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 15:15:44 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/06 15:15:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/06 15:14:40 | 2138,234,879 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/06 14:52:13 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/06 12:53:10 | 000,007,052 | ---- | M] () -- C:\Users\Julia\AppData\Local\d3d9caps.dat
[2012/12/05 21:17:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
[2012/12/05 17:40:37 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/05 17:36:09 | 000,002,322 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/12/05 14:43:38 | 000,096,072 | ---- | M] () -- C:\Users\Julia\Desktop\Fae LL.jpg
[2012/11/22 14:56:26 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/15 11:31:24 | 000,364,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Julia\*.tmp files -> C:\Users\Julia\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/05 17:40:37 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/05 13:04:27 | 000,096,072 | ---- | C] () -- C:\Users\Julia\Desktop\Fae LL.jpg
[2012/08/15 09:56:18 | 000,007,052 | ---- | C] () -- C:\Users\Julia\AppData\Local\d3d9caps.dat
[2011/05/12 14:06:37 | 000,001,940 | ---- | C] () -- C:\Users\Julia\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/02/08 09:40:15 | 000,053,248 | ---- | C] () -- C:\Users\Julia\lametritonus_en.dll
[2010/02/08 09:40:14 | 000,162,304 | ---- | C] () -- C:\Users\Julia\lame_enc_en.dll
[2009/12/09 20:20:03 | 004,277,027 | ---- | C] () -- C:\Users\Julia\Collab.wbd
[2009/04/21 08:26:35 | 000,249,344 | ---- | C] () -- C:\Users\Julia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/15 16:27:31 | 000,000,732 | ---- | C] () -- C:\Users\Julia\AppData\Local\d3d9caps64.dat
[2009/04/14 11:23:03 | 002,817,354 | ---- | C] () -- C:\Users\Julia\DCProSetup_15.zip
[2008/03/24 09:47:02 | 000,000,012 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\userdic.tlx

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/12 17:23:33 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Acoustica
[2012/04/11 11:34:12 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Aegisub
[2012/11/29 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Audacity
[2009/06/01 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Design Science
[2012/12/06 15:19:13 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Dropbox
[2009/10/12 08:41:39 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Elluminate
[2010/02/27 19:11:08 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\fltk.org
[2010/11/14 19:50:13 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\iClippy
[2009/06/06 13:39:55 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Image Zone Express
[2009/10/31 13:40:19 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\MPEG Streamclip
[2010/11/25 13:04:08 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\NCH Swift Sound
[2009/05/30 19:12:52 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Printer Info Cache
[2009/06/03 22:17:17 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Quicken Legal Business Pro
[2009/06/03 22:06:12 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Quicken WillMaker
[2012/06/20 20:59:33 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\RenPy
[2010/01/05 12:19:12 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Walgreens

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >


When my brother was looking over what I was doing, he suggested that I ask you about the Alternate Data Stream mentioned at the very end of the quick scan. He thought it seemed a bit odd. Do you know what is up with the Alternate Data Stream?

Thank you again for your time.
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, the ADS is normally put there by your AV; if it was one to be concerned about I would have removed it :)

Could you now update MBAM and run a quick scan, please, posting the resultant log... Also, any outstanding problems?
  • 0
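The ZeroAccess Check and Alternate Data Streams sections of the report above, read programmatically, as an added example that is not part of the thread and not OTL's own logic. It flags an InProcServer32 default value registered under HKEY_CURRENT_USER or pointing outside the Windows system directory, and lists each stream's host, name and size. The two flagging rules, the `triage` function and the `CONSTRUCTED` entry are assumptions made for illustration.

```python
import re

# Lines copied from the OTL report in this thread (trimmed to one class and the ADS line).
FROM_THREAD = r'''
========== ZeroAccess Check ==========
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
'''
# Constructed entry (NOT from the report): placeholder CLSID and path, to exercise the flagging path.
CONSTRUCTED = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{00000000-0000-0000-0000-000000000000}\InProcServer32]
"" = C:\Users\Example\AppData\Local\example\sample.dll
'''

KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\(.+)\\InProcServer32\]', re.I)
DEFAULT_RE = re.compile(r'^"" = (.+?)(?: -- .*)?$')   # default value = DLL path
ADS_RE = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')
SYSTEM_DIR = re.compile(r'^(c:\\windows|%systemroot%)\\(sysnative|system32)\\', re.I)

def triage(report):
    """Return (findings, streams) for an OTL report; the rules are illustrative assumptions."""
    findings, streams, key = [], [], None
    for line in map(str.strip, report.splitlines()):
        if not line:
            key = None                       # a blank line ends the current key block
        elif (m := KEY_RE.match(line)):
            key = (m.group(1).upper(), m.group(2))
        elif (m := DEFAULT_RE.match(line)) and key:
            (hive, path), dll = key, m.group(1)
            if hive == 'HKEY_CURRENT_USER':  # per-user class shadows the machine-wide one
                findings.append(('per-user COM override', path, dll))
            elif not SYSTEM_DIR.match(dll):
                findings.append(('server outside system directory', path, dll))
        elif (m := ADS_RE.match(line)):
            streams.append({'host': m.group(2), 'name': m.group(3), 'bytes': int(m.group(1))})
    return findings, streams

if __name__ == '__main__':
    for report in (FROM_THREAD, FROM_THREAD + CONSTRUCTED):
        print(triage(report))
```

On the lines taken from this thread, `triage` returns no findings and a single 127-byte stream on `C:\ProgramData\TEMP`; only the constructed entry is flagged.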

#7
Merton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Alright, here is what I got from Malwarebytes.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.06.12

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Julia :: JULIA-PC [administrator]

12/6/2012 4:15:49 PM
mbam-log-2012-12-06 (16-15-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228964
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



I'm not noticing anything acting odd anymore. I have had two USB memory sticks plugged in to my computer since before the problem started. Is there something in particular I should do to make sure those are clean?

Once again, thank you for your help.
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just scanning the USBs with your antivirus should be sufficient.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#9
Merton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Awesome! Thank you so much for all the help! I'm sure this has taken up a large amount of time on your part.

I just finished the Cleanup and I made sure that hidden files are actually hidden. I haven't gotten the updates done yet, but I'll be sure to do that as well.

Thank you again for all the help! :lol:
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
My pleasure :cool:
  • 0

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





