
Computer clearly infected. Any help appreciated.


  • This topic is locked

#1
cjbscotland

Hello people, I am so glad I stumbled upon this amazing website. I would just like to say thank you to anyone who gives me help before you do. I understand how precious time can be, and spending it by helping other people is a great thing to do, especially on such an intricate topic.

Now on to my problem: my computer has been running slow for some time now, and when turning off it is always installing Windows updates for about 5 minutes every time it turns off. I also had some kind of Google redirect virus on Firefox. However, my problems manifested themselves earlier on tonight. When I switched on my computer, a Windows application allow box popped up for Windows command prompt. The file was from user/temp/iipenjmughpnrveg.exe. If I clicked cancel, the box prompt would just pop back up again. I could not find this as a virus or trojan online when searching. I stupidly clicked continue, and then my AVG popped up saying it had blocked a trojan ending in the name xosglec.sys. So, very worried, I then proceeded to run AVG and delete any problems found, which it did find; I then restarted, to no avail. I then installed Malwarebytes to hopefully sort the issue; this on quick scan found 40 problems with my computer, which I then proceeded to deal with. However, that did not fix the issue either. I then somehow found this website, which somebody will hopefully be able to help me with.

Anyway, thanks for any time spent on my problem; it is very much appreciated!
Chris B.

Here is my log.

OTL logfile created on: 12/10/2011 01:58:49 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\User2\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.51 Gb Available Physical Memory | 25.63% Memory free
4.23 Gb Paging File | 2.48 Gb Available in Paging File | 58.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 212.89 Gb Total Space | 102.26 Gb Free Space | 48.04% Space Free | Partition Type: NTFS
Drive D: | 19.99 Gb Total Space | 16.73 Gb Free Space | 83.67% Space Free | Partition Type: NTFS

Computer Name: CHRISTOPHERBARR | User Name: User2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/12 01:54:45 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\User2\Desktop\OTL.exe
PRC - [2011/09/30 23:10:15 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/13 11:20:47 | 002,076,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/09/11 17:15:53 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\User2\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\User2\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/03/29 14:45:40 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/03/29 14:35:56 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/12/09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/11/25 19:35:19 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/11/04 22:09:42 | 000,107,568 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/11/04 22:05:54 | 000,266,800 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/10/15 19:35:30 | 000,352,304 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/09/23 14:01:59 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 14:07:52 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 14:07:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 14:06:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/19 23:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/05/20 00:26:22 | 003,561,720 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/28 10:18:24 | 003,660,848 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
PRC - [2007/12/30 20:42:34 | 000,724,992 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
PRC - [2007/07/11 16:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007/06/13 09:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007/05/30 15:24:58 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/16 04:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2007/03/07 17:47:02 | 000,843,776 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2005/06/07 00:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/30 23:10:15 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/08 14:09:04 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/12/09 20:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 20:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/04 22:09:42 | 000,107,568 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2010/11/04 22:07:04 | 000,006,192 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2009/10/23 18:01:58 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/05/20 00:06:36 | 000,203,776 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
MOD - [2009/05/20 00:06:34 | 006,661,120 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtGui4.dll
MOD - [2009/05/20 00:06:34 | 001,916,928 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtCore4.dll
MOD - [2009/05/20 00:06:34 | 000,770,560 | ---- | M] () -- C:\Program Files\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
MOD - [2008/01/19 00:35:12 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007/06/13 09:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MOD - [2007/05/23 09:23:34 | 004,591,616 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll
MOD - [2007/05/22 16:44:50 | 000,023,552 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll
MOD - [2007/03/07 17:47:02 | 000,843,776 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
MOD - [2006/10/19 09:27:06 | 000,188,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncRs.crl
MOD - [2006/08/24 13:17:52 | 000,004,096 | ---- | M] () -- C:\Program Files\Messenger Plus! Live\Detoured.dll
MOD - [2006/03/09 19:45:36 | 000,081,920 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 01:37:41 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/29 14:45:40 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/03/29 14:35:56 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/11/04 22:10:06 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/11/04 22:05:54 | 000,266,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/10/15 19:42:14 | 000,326,704 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/10/15 19:35:30 | 000,352,304 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/07/16 14:07:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/05/19 00:37:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/30 20:42:34 | 000,724,992 | ---- | M] () [Auto | Running] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2011/09/13 11:20:36 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/05 17:44:37 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/09/22 20:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/09/22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010/07/16 14:06:53 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/02 02:18:44 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/05/02 11:58:28 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/02 11:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 11:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 11:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/09/12 05:28:00 | 007,623,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/07/03 00:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/06/29 19:00:47 | 000,682,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/05/03 18:29:10 | 001,065,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/04/23 13:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 13:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/03 14:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 14:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 14:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 14:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 14:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 14:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 14:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2005/06/13 10:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {4264D3B0-9E1B-4A61-9D79-7B77559F181F}:1.9.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.5: C:\Program Files\Virtual Earth 3D\ [2008/10/29 19:25:55 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2008/10/29 19:25:55 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2240: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2298: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1348: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User2\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User2\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/13 11:22:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/16 21:13:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/16 21:13:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 23:10:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/30 13:49:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4 [2008/08/24 20:58:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/07/20 18:33:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{4264D3B0-9E1B-4A61-9D79-7B77559F181F}: C:\Users\User2\AppData\Local\{4264D3B0-9E1B-4A61-9D79-7B77559F181F} [2011/02/27 00:54:43 | 000,000,000 | ---D | M]

[2008/06/18 22:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User2\AppData\Roaming\mozilla\Extensions
[2008/06/18 22:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User2\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2011/09/30 15:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User2\AppData\Roaming\mozilla\Firefox\Profiles\f5z2gl5f.default\extensions
[2011/09/25 12:22:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\User2\AppData\Roaming\mozilla\Firefox\Profiles\f5z2gl5f.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/12/12 00:54:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User2\AppData\Roaming\mozilla\Firefox\Profiles\f5z2gl5f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/18 22:35:52 | 000,000,000 | ---D | M] ("I ♥ Miro") -- C:\Users\User2\AppData\Roaming\mozilla\Firefox\Profiles\f5z2gl5f.default\extensions\{216ec66d-214a-43ea-92f0-5373f8405c88}
[2008/04/29 21:46:21 | 000,000,000 | ---D | M] (Cylence Theme 2: Black Diamond Edition RC1) -- C:\Users\User2\AppData\Roaming\mozilla\Firefox\Profiles\f5z2gl5f.default\extensions\{a83be38c-7731-4a6d-9059-4864a7fd55c8}
[2011/08/19 13:03:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User2\AppData\Roaming\mozilla\Firefox\Profiles\f5z2gl5f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/17 15:55:56 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\User2\AppData\Roaming\mozilla\Firefox\Profiles\f5z2gl5f.default\extensions\[email protected]
[2009/07/20 18:34:23 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\User2\AppData\Roaming\mozilla\Firefox\Profiles\f5z2gl5f.default\extensions\[email protected]
[2011/04/30 13:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/30 22:08:29 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/02/27 00:54:43 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\USER2\APPDATA\LOCAL\{4264D3B0-9E1B-4A61-9D79-7B77559F181F}
() (No name found) -- C:\USERS\USER2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5Z2GL5F.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\USER2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5Z2GL5F.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\USER2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\F5Z2GL5F.DEFAULT\EXTENSIONS\[email protected]
[2011/09/30 23:10:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/31 10:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 12:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User2\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User2\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User2\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: VeohTV Plugin (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
CHR - plugin: Veoh Web Player Beta (Enabled) = C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
CHR - plugin: NPVeohVersion4 plugin (Enabled) = C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: VideoEgg Publisher (Enabled) = C:\Users\User2\AppData\Roaming\VideoEgg\Loader\4665\npvideoegg-loader.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\User2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\User2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: MegaSkipper = C:\Users\User2\AppData\Local\Google\Chrome\User Data\Default\Extensions\phlpjnmkcepflfoglccifhajagahaglm\19.59_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B70A1A54-6DFB-4AD8-9A62-2C00A3CC5BB4} - C:\PROGRA~1\FreeVPN\fads.dll File not found
O2 - BHO: (Reg Error: Value error.) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\piclens.dll (Cooliris Inc.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause File not found
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd] C:\Windows\vsnpstd.exe File not found
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [Transcode360] C:\Program Files\Transcode360\Transcode360Tray.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Methlabs)
O4 - HKCU..\Run: [QauJlhkp] C:\Users\User2\AppData\Local\isruabrs\qaujlhkp.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qaujlhkp.exe ()
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\piclens.dll (Cooliris Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://lovefm.miemas...002/kxhcm10.ocx (KXHCM10 Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemreq.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://67.154.21.186...2/bl_camera.cab (BL_Camera)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9} http://www.piclens.c...ed/plinstll.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{521CD0EF-537C-483E-AD9C-E2A70132B5D1}: DhcpNameServer = 10.17.8.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927BFE5F-B61B-4CA9-83D4-A7D3A8A04B4C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (avgrsstx.dll) -C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User2\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User2\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7bbce667-2963-11dc-8b23-001921f9a174}\Shell - "" = AutoRun
O33 - MountPoints2\{7bbce667-2963-11dc-8b23-001921f9a174}\Shell\AutoRun\command - "" = F:\Setup.exe -auto
O33 - MountPoints2\{bbb07ffa-23e1-11dc-ab56-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bbb07ffa-23e1-11dc-ab56-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE /AUTORUN
O33 - MountPoints2\{bbb07ffa-23e1-11dc-ab56-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{bbb07ffa-23e1-11dc-ab56-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 01:54:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\User2\Desktop\OTL.exe
[2011/10/12 01:10:14 | 000,000,000 | ---D | C] -- C:\Users\User2\AppData\Roaming\Malwarebytes
[2011/10/12 01:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/12 01:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/12 01:10:04 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/12 01:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/12 01:09:39 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User2\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/12 01:05:39 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\User2\Desktop\spybotsd162.exe
[2011/10/12 00:37:52 | 000,000,000 | ---D | C] -- C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/11 16:22:55 | 000,000,000 | ---D | C] -- C:\Users\User2\AppData\Local\isruabrs
[2011/09/30 22:55:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2004/01/28 00:59:00 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2003/12/09 21:17:00 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll

========== Files - Modified Within 30 Days ==========

[2011/10/12 02:10:24 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D327C1DC-EC78-40F3-9384-27117887BACC}.job
[2011/10/12 02:02:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/10/12 01:54:45 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\User2\Desktop\OTL.exe
[2011/10/12 01:32:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/12 01:32:17 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 01:32:17 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 01:32:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 01:24:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/12 01:23:59 | 000,184,832 | ---- | M] () -- C:\Users\User2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/12 01:21:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3549857371-3814379279-3125928600-1003UA.job
[2011/10/12 01:20:15 | 000,616,510 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/12 01:20:15 | 000,113,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/12 01:10:08 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/12 01:09:42 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User2\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/12 01:06:45 | 000,001,085 | ---- | M] () -- C:\Users\User2\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/12 01:06:45 | 000,001,061 | ---- | M] () -- C:\Users\User2\Desktop\Spybot - Search & Destroy.lnk
[2011/10/12 01:05:46 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\User2\Desktop\spybotsd162.exe
[2011/10/12 00:33:16 | 000,000,680 | ---- | M] () -- C:\Users\User2\AppData\Local\d3d9caps.dat
[2011/10/12 00:00:03 | 000,000,656 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2011/10/11 23:17:26 | 000,000,000 | ---- | M] () -- C:\Users\User2\AppData\Local\prvlcl.dat
[2011/10/11 17:21:05 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3549857371-3814379279-3125928600-1003Core.job
[2011/10/11 16:22:14 | 000,117,547 | --S- | M] () -- C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qaujlhkp.exe
[2011/10/07 19:28:43 | 087,132,222 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/10/01 18:22:32 | 000,063,342 | ---- | M] () -- C:\Users\User2\Desktop\150519486-M.jpg
[2011/09/30 22:55:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2011/09/30 22:55:21 | 211,020,526 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/26 22:08:15 | 000,038,215 | ---- | M] () -- C:\Users\User2\Desktop\293576_10150306779956976_578596975_8491375_111408265_n.jpg
[2011/09/25 20:40:41 | 000,030,452 | ---- | M] () -- C:\Users\User2\Desktop\jugg method spreadsheet excel 2007
[2011/09/17 19:43:33 | 004,551,722 | ---- | M] () -- C:\Users\User2\Desktop\60246615-Jugg-Method-eBook - Copy.pdf
[2011/09/13 11:20:36 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys

========== Files Created - No Company Name ==========

[2011/10/12 01:10:08 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/12 01:06:45 | 000,001,085 | ---- | C] () -- C:\Users\User2\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/10/12 01:06:45 | 000,001,061 | ---- | C] () -- C:\Users\User2\Desktop\Spybot - Search & Destroy.lnk
[2011/10/11 16:22:55 | 000,117,547 | --S- | C] () -- C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qaujlhkp.exe
[2011/10/01 18:22:23 | 000,063,342 | ---- | C] () -- C:\Users\User2\Desktop\150519486-M.jpg
[2011/09/30 23:07:49 | 024,907,490 | ---- | C] () -- C:\Users\User2\Desktop\vault - Copy.zip
[2011/09/30 23:07:49 | 004,551,722 | ---- | C] () -- C:\Users\User2\Desktop\60246615-Jugg-Method-eBook - Copy.pdf
[2011/09/30 23:07:49 | 000,077,049 | ---- | C] () -- C:\Users\User2\Desktop\nutrition-chart-tug-fitness - Copy.png
[2011/09/30 22:55:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/09/30 22:54:40 | 211,020,526 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/26 22:08:02 | 000,038,215 | ---- | C] () -- C:\Users\User2\Desktop\293576_10150306779956976_578596975_8491375_111408265_n.jpg
[2011/09/25 20:39:47 | 000,030,452 | ---- | C] () -- C:\Users\User2\Desktop\jugg method spreadsheet excel 2007
[2011/04/17 22:36:15 | 000,004,096 | -H-- | C] () -- C:\Users\User2\AppData\Local\keyfile3.drm
[2011/02/27 00:54:46 | 000,000,120 | ---- | C] () -- C:\Users\User2\AppData\Local\Ureleruqapiwe.dat
[2011/02/27 00:54:46 | 000,000,000 | ---- | C] () -- C:\Users\User2\AppData\Local\Xlixoga.bin
[2010/10/25 18:14:20 | 000,000,008 | ---- | C] () -- C:\Users\User2\AppData\Roaming\vfzwln.dat
[2010/03/29 20:19:36 | 000,000,000 | ---- | C] () -- C:\Users\User2\AppData\Local\prvlcl.dat
[2010/01/02 20:20:21 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/07/20 18:34:12 | 000,213,138 | ---- | C] () -- C:\Users\User2\AppData\Local\cooliris-win-ie-release-1.10.0.24532.en-US.msi
[2009/04/19 00:59:58 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009/03/05 18:33:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/02/05 11:06:02 | 000,000,680 | ---- | C] () -- C:\Users\User2\AppData\Local\d3d9caps.dat
[2008/12/23 21:09:40 | 000,072,526 | ---- | C] () -- C:\Users\User2\AppData\Local\cooliris-win-ie-release-1.9.1.17582.msi
[2008/11/29 11:51:11 | 000,123,570 | ---- | C] () -- C:\Users\User2\AppData\Local\cooliris-win-ie-release-1.9.0.16396.msi
[2008/10/24 16:38:25 | 000,208,018 | ---- | C] () -- C:\Users\User2\AppData\Local\cooliris-win-iemin-release-1.8.5.14750.msi
[2008/10/17 23:46:19 | 000,091,418 | ---- | C] () -- C:\Users\User2\AppData\Local\cooliris-win-iemin-release-1.8.4.14391.msi
[2008/10/05 20:35:19 | 000,186,519 | ---- | C] () -- C:\Users\User2\AppData\Local\cooliris-win-iemin-release-1.8.3.14080.msi
[2008/09/24 23:20:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/09/24 23:20:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/19 22:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/18 20:30:58 | 000,142,654 | ---- | C] () -- C:\Users\User2\AppData\Local\cooliris-win-iemin-release-1.8.2.4689.msi
[2008/09/07 17:39:30 | 000,000,100 | ---- | C] () -- C:\Users\User2\AppData\Roaming\default.pls
[2008/08/22 16:34:54 | 000,074,066 | ---- | C] () -- C:\Users\User2\AppData\Local\cooliris-win-iemin-release-1.8.0.4272.msi
[2008/07/25 22:44:47 | 000,234,226 | ---- | C] () -- C:\Users\User2\AppData\Local\piclens-win-iemin-release-1.7.1.3938.msi
[2008/06/18 22:20:38 | 000,088,626 | ---- | C] () -- C:\Users\User2\AppData\Local\piclens-win-iefull-release-1.7.0.3458.msi
[2008/06/01 13:51:33 | 000,011,338 | ---- | C] () -- C:\Users\User2\AppData\Local\piclens-win-iefull-release-1.6.4.3021.msi
[2008/05/25 17:13:47 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2008/05/25 17:13:35 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/05/25 16:43:28 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2008/04/06 01:13:27 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/03/28 17:41:32 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/02/19 07:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/12/16 04:11:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/12/02 23:52:08 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2007/08/19 02:07:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/08/18 23:57:15 | 000,027,043 | ---- | C] () -- C:\Users\User2\AppData\Roaming\UserTile.png
[2007/06/27 17:28:49 | 000,184,832 | ---- | C] () -- C:\Users\User2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/26 15:51:28 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/06/26 15:41:14 | 000,087,800 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2007/06/26 14:20:13 | 000,000,636 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/01/26 02:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2007/01/26 02:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 001,806,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,616,510 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,113,224 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/05/17 04:17:00 | 000,196,608 | ---- | C] () -- C:\Windows\select3a.exe
[2003/10/21 16:40:00 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll
[2003/06/02 21:35:00 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\Windows\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\Windows\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\Windows\FRONTPG.INI

========== LOP Check ==========

[2007/06/28 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\.BitTornado
[2010/05/07 19:57:32 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\.purple
[2011/07/20 20:25:48 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Akde
[2010/11/23 23:57:48 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\avidemux
[2011/07/14 17:24:11 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Biga
[2008/09/04 16:55:32 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\DeepBurner
[2011/10/12 01:37:28 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Dropbox
[2011/07/22 12:54:40 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Dyan
[2011/08/30 12:00:45 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Egdave
[2011/07/28 23:34:28 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Elrew
[2011/04/21 21:23:38 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Flip Video
[2008/09/07 18:11:19 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\ImgBurn
[2011/08/01 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Kugo
[2011/01/16 21:13:49 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Local
[2010/02/25 11:41:26 | 000,000,000 | -HSD | M] -- C:\Users\User2\AppData\Roaming\lowsec
[2008/05/23 22:00:20 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\MiniDm
[2011/05/10 02:32:33 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\OfficeRecovery
[2007/07/03 19:43:22 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Opera
[2008/06/18 22:34:50 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Participatory Culture Foundation
[2008/11/19 00:07:33 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\PCF-VLC
[2007/08/18 23:57:14 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\PeerNetworking
[2008/03/02 02:02:15 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Qtrax1
[2010/01/02 20:20:18 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Research In Motion
[2011/10/11 22:38:32 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Spotify
[2011/08/18 21:03:13 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Subiod
[2011/04/12 23:36:01 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Sufih
[2007/12/17 18:40:03 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Teleca
[2011/07/07 15:31:09 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Temoix
[2011/07/08 15:40:32 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Umfo
[2011/10/04 00:39:47 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\uTorrent
[2011/08/22 12:01:46 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Uvofd
[2011/04/13 12:00:37 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Vodocu
[2011/08/29 23:02:53 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Yhcifi
[2011/07/17 12:37:16 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Yzewvy
[2011/10/12 01:31:15 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/10/12 02:10:24 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D327C1DC-EC78-40F3-9384-27117887BACC}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 360 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:24051EFF
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:F8D65F32

< End of report >
  • 0


#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello cjbscotland and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/02/27 00:54:43 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\USER2\APPDATA\LOCAL\{4264D3B0-9E1B-4A61-9D79-7B77559F181F}
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {B70A1A54-6DFB-4AD8-9A62-2C00A3CC5BB4} - C:\PROGRA~1\FreeVPN\fads.dll File not found
    O4 - HKCU..\Run: [QauJlhkp] C:\Users\User2\AppData\Local\isruabrs\qaujlhkp.exe ()
    O4 - Startup: C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qaujlhkp.exe ()
    O33 - MountPoints2\{7bbce667-2963-11dc-8b23-001921f9a174}\Shell - "" = AutoRun
    O33 - MountPoints2\{7bbce667-2963-11dc-8b23-001921f9a174}\Shell\AutoRun\command - "" = F:\Setup.exe -auto
    O33 - MountPoints2\{bbb07ffa-23e1-11dc-ab56-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{bbb07ffa-23e1-11dc-ab56-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE /AUTORUN
    O33 - MountPoints2\{bbb07ffa-23e1-11dc-ab56-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
    O33 - MountPoints2\{bbb07ffa-23e1-11dc-ab56-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
    [2011/10/11 16:22:14 | 000,117,547 | --S- | M] () -- C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qaujlhkp.exe
    [2011/02/27 00:54:46 | 000,000,120 | ---- | C] () -- C:\Users\User2\AppData\Local\Ureleruqapiwe.dat
    [2011/02/27 00:54:46 | 000,000,000 | ---- | C] () -- C:\Users\User2\AppData\Local\Xlixoga.bin
    [2010/10/25 18:14:20 | 000,000,008 | ---- | C] () -- C:\Users\User2\AppData\Roaming\vfzwln.dat
    [2011/08/22 12:01:46 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Uvofd
    [2011/04/13 12:00:37 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Vodocu
    [2011/08/29 23:02:53 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Yhcifi
    [2011/07/17 12:37:16 | 000,000,000 | ---D | M] -- C:\Users\User2\AppData\Roaming\Yzewvy

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post.
  • 0
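Added example (not part of either post and not OTL's own logic): a small Python triage of the O4 autorun lines from the log in post #1, showing which entries stand out and why. The three heuristics, the two-reason threshold and all function names are assumptions made for this illustration; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field

# Subset of O4 lines copied from the OTL log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [QauJlhkp] C:\Users\User2\AppData\Local\isruabrs\qaujlhkp.exe ()
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\User2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qaujlhkp.exe ()
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>.*?)\] ?(?P<rest>.*)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<rest>.*)$")
# Every O4 line ends with "(Company)" (possibly empty) or "File not found".
TAIL_RE = re.compile(
    r"^(?P<cmd>.*?)\s*(?:\((?P<company>[^()]*)\)|(?P<missing>File not found))$"
)

# Assumption: directories a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


@dataclass
class Autorun:
    source: str        # "HKLM Run", "HKCU Run" or "Startup folder"
    name: str          # registry value name (empty for Startup items)
    command: str       # program that is actually launched
    company: str       # company name OTL printed; "" when blank
    missing: bool      # OTL reported "File not found"
    direct_exe: bool   # an .exe sitting in Startup, not a shortcut
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Parse one O4 line into an Autorun, or return None if it is not one."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        source, name, rest = f"{m['hive']} Run", m["name"], m["rest"]
    else:
        m = STARTUP_RE.match(line)
        if not m:
            return None
        source, name, rest = "Startup folder", "", m["rest"]
    tail = TAIL_RE.match(rest)
    if not tail:
        return None
    command = tail["cmd"]
    direct_exe = False
    if source == "Startup folder":
        # "shortcut = target" for .lnk items, otherwise the file itself.
        link, sep, target = command.partition(" = ")
        command = target if sep else link
        direct_exe = not sep and command.lower().endswith(".exe")
    return Autorun(source, name, command, tail["company"] or "",
                   tail["missing"] is not None, direct_exe)


def assess(entry):
    """Return the list of reasons an existing autorun looks out of place."""
    reasons = []
    if any(part in entry.command.lower() for part in USER_WRITABLE):
        reasons.append("runs from a user-writable profile directory")
    if not entry.company:
        # A blank company is common in legitimate software too, and a
        # present one can be forged, so this never decides on its own.
        reasons.append("no company name")
    if entry.direct_exe:
        reasons.append("executable placed directly in the Startup folder")
    return reasons


def triage(log_text, threshold=2):
    """Split O4 entries into (flagged, orphans); threshold is an assumption."""
    flagged, orphans = [], []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry.missing:
            orphans.append(entry)      # stale entry, target no longer exists
            continue
        entry.reasons = assess(entry)
        if len(entry.reasons) >= threshold:
            flagged.append(entry)
    return flagged, orphans


if __name__ == "__main__":
    flagged, orphans = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"REVIEW  {e.source}: {e.command}\n        " + "; ".join(e.reasons))
    for e in orphans:
        print(f"ORPHAN  {e.source}: [{e.name}] {e.command}")
```

Entries that match only one heuristic (DivXUpdate with a blank company name, Dropbox running from AppData) stay below the threshold, which is why a single indicator is not treated as sufficient here.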

#3
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0