
Search engines not working and other problems [Solved]



#1
Hbosses

I'd say for about 2 days now, every time I go on the Google, Yahoo and Bing search engines, I cannot actually search for anything. On IE, when I click on the search button in Google nothing happens; on Firefox, Google goes to a page full of different symbols (e.g. �ս�zۺ�(x��`��li��5���x�). As for Yahoo and Bing, they both time out on both IE and FF. When I type http://74.125.230.112/ in the address bar, Google works absolutely fine.

Now for the other problems: my Hotmail account got hacked. When I looked at the sent box, my email address had sent out 4 emails in 20 seconds to 4 different people who I've never heard of. Hotmail subsequently blocked my account, which I have now re-opened.

And finally, no matter what internet page I have opened, on either IE or FF, there is this little box in the bottom right-hand corner of the screen, advertising various things such as IliVid and Zavvi, that always pops up.

Out of nowhere these problems have all appeared. Now, I haven't downloaded anything recently, but there are quite a few people who use the computer, and nobody knows what's going on. We only work on the Administrator profile; nobody has their own (which will change if I fix this, I will put a password on the Admin profile!!)

I have checked the Hosts file and that is normal. I have run Malwarebytes and that hasn't picked up anything, but ESET NOD32 has picked up quite a few, which have been dealt with, but the problem remains. I will post them up if you require.

Here is the OTL info

Thanks Very Much
Hbosses


OTL logfile created on: 18/05/2012 22:41:09 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\HSBC-05\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 0.23 Gb Available Physical Memory | 12.06% Memory free
4.10 Gb Paging File | 1.67 Gb Available in Paging File | 40.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 101.87 Gb Free Space | 34.17% Space Free | Partition Type: NTFS

Computer Name: HSBC-05-PC | User Name: HSBC-05 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 22:36:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\HSBC-05\Downloads\OTL.exe
PRC - [2012/05/05 14:00:51 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/08/23 08:04:46 | 000,919,352 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/03/05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/05/14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007/06/11 20:27:23 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 10:41:37 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/04/30 09:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/14 18:10:07 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/05 14:00:51 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/18 14:15:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll
MOD - [2011/11/18 14:12:58 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll
MOD - [2011/11/18 14:12:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll
MOD - [2011/11/18 14:12:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll
MOD - [2011/11/18 14:12:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll
MOD - [2011/11/18 14:11:52 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
MOD - [2011/11/18 14:11:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/05 16:32:36 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/03/05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/07/20 22:11:32 | 000,247,808 | ---- | M] () -- C:\Windows\System32\FFSJ\FFSJSHL.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/06/11 20:27:23 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
MOD - [2007/05/30 06:12:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/30 06:12:15 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/30 06:11:21 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 09:20:25 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 09:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
MOD - [2007/04/30 09:19:51 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 09:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 08:16:47 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/01/09 17:10:05 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddscw.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/05 14:00:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/26 17:23:19 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/14 00:19:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/08/23 08:04:46 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/03/01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/05/25 10:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 10:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- -- (SuperMounter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/18 14:20:27 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys -- (RapportCerberus_32029)
DRV - [2011/08/23 08:04:58 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/08/23 08:04:58 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/08/23 08:04:58 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/13 14:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/07/13 14:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2010/04/25 13:50:46 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/03/15 11:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2010/03/15 11:38:44 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2010/03/15 11:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2010/03/15 11:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2010/03/15 11:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2010/03/15 11:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2010/03/15 11:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2010/03/01 20:37:30 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/12/02 13:51:08 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009/10/20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/15 21:30:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/10/15 21:30:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/05/14 15:49:34 | 000,093,312 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/11/02 09:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007/10/04 10:14:00 | 007,625,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/10 13:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/07/07 08:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/02/15 15:14:28 | 000,019,840 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2006/11/02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2003/08/11 10:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F2E04335-8180-4232-A501-BC6DFCCA78B3}: "URL" = http://search.condui...&ctid=CT2418376

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {BDAF4D72-83DF-44FF-B8D4-8915CFF88265}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8B95D70D-0B2E-4AC6-8636-7E71F7851810}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{AA9B9DFA-1AAA-4E89-B7D7-ECC40A6521CE}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKCU\..\SearchScopes\{BDAF4D72-83DF-44FF-B8D4-8915CFF88265}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F2E04335-8180-4232-A501-BC6DFCCA78B3}: "URL" = http://search.condui...&ctid=CT2418376
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://en-GB.start3....en-GB:official"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.27.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1462
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {5120AABB-B7F4-4CBB-8F90-B3AD0F52806F}:1.9.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/05 14:00:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 11:39:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/08/12 16:08:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5120AABB-B7F4-4CBB-8F90-B3AD0F52806F}: C:\Users\HSBC-05\AppData\Local\{5120AABB-B7F4-4CBB-8F90-B3AD0F52806F}\ [2011/08/24 00:22:18 | 000,000,000 | ---D | M]

[2009/02/08 19:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Extensions
[2012/05/04 23:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions
[2011/12/22 13:16:58 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/09/13 13:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/08/08 23:54:27 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions\[email protected]
[2010/11/23 13:02:06 | 000,000,919 | ---- | M] () -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\searchplugins\conduit.xml
[2011/07/11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\searchplugins\startsear.xml
[2012/01/11 00:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/12 16:15:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/05 14:00:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/17 22:09:10 | 000,045,056 | ---- | M] (Info Technology Supply Ltd) -- C:\Program Files\mozilla firefox\plugins\nppstart.dll
[2011/08/31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/05/05 14:00:49 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/15 23:25:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/05 14:00:49 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/05 14:00:49 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/05 14:00:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/05 14:00:49 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/05/18 16:52:00 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [fccu4o20iv] C:\Users\HSBC-05\fccu4o20iv.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A55E92B-3446-45B5-8525-30971FEB2DCC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HSBC-05\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\HSBC-05\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bbd97013-f542-11dd-af9a-0021851907f5}\Shell - "" = AutoRun
O33 - MountPoints2\{bbd97013-f542-11dd-af9a-0021851907f5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 22:19:09 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/05/18 22:18:53 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Roaming\Autodesk
[2012/05/18 22:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012/05/17 21:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/16 18:14:00 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Roaming\Jtypkl
[2012/05/12 16:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/12 16:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/11 00:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\IK Multimedia
[2012/05/11 00:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IK Multimedia
[2012/05/11 00:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Extreme Sample Converter 3
[2012/05/05 14:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/05 14:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/20 00:49:01 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Roaming\NeroDigital
[2012/04/20 00:48:26 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Local\Nero_AG
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/18 22:43:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 22:19:10 | 000,001,976 | ---- | M] () -- C:\Users\HSBC-05\Desktop\Autodesk 123D Catch.lnk
[2012/05/18 21:03:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 21:03:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 19:03:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 19:03:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/18 18:20:24 | 000,611,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/18 18:20:24 | 000,109,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/18 16:52:00 | 000,000,761 | RHS- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/18 12:26:51 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/05/17 04:56:35 | 000,204,800 | ---- | M] () -- C:\Users\HSBC-05\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 19:02:06 | 000,007,944 | ---- | M] () -- C:\Users\HSBC-05\AppData\Local\d3d9caps.dat
[2012/05/16 18:49:24 | 218,368,113 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/12 16:13:18 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/12 00:12:47 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/11 00:38:44 | 000,000,016 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2012/05/11 00:38:44 | 000,000,016 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2012/05/11 00:38:44 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
[2012/05/02 01:15:58 | 000,001,116 | ---- | M] () -- C:\Users\HSBC-05\AppData\Roaming\DVDSubEdit.ini
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/18 22:19:10 | 000,001,976 | ---- | C] () -- C:\Users\HSBC-05\Desktop\Autodesk 123D Catch.lnk
[2012/05/16 18:44:01 | 218,368,113 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/12 16:13:18 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/11 00:38:43 | 000,000,016 | ---- | C] () -- C:\Windows\System32\w3data.vss
[2012/05/11 00:38:43 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2012/05/11 00:38:43 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/05/02 01:12:40 | 000,001,116 | ---- | C] () -- C:\Users\HSBC-05\AppData\Roaming\DVDSubEdit.ini
[2012/02/21 01:37:22 | 000,000,132 | ---- | C] () -- C:\Users\HSBC-05\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/18 13:39:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/18 13:37:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/11 22:45:36 | 000,000,335 | ---- | C] () -- C:\Windows\setting.ini
[2011/10/06 01:14:57 | 000,000,080 | ---- | C] () -- C:\Users\HSBC-05\AppData\Local\X-Plane Installer.prf
[2011/08/05 00:49:50 | 000,011,524 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\e8010lu874aguygbc
[2011/08/05 00:49:50 | 000,011,524 | -HS- | C] () -- C:\ProgramData\e8010lu874aguygbc
[2011/08/04 15:05:11 | 000,012,940 | -HS- | C] () -- C:\ProgramData\xw737i26j4p6rvpv63d6640ikv3612a0au8xog
[2011/08/04 15:05:10 | 000,012,940 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\xw737i26j4p6rvpv63d6640ikv3612a0au8xog
[2011/07/17 03:15:38 | 000,000,000 | ---- | C] () -- C:\Users\HSBC-05\AppData\Local\Lbepodeneqehexo.bin
[2011/07/17 03:15:29 | 000,000,120 | ---- | C] () -- C:\Users\HSBC-05\AppData\Local\Gnaritequweza.dat
[2011/04/18 21:02:13 | 000,010,384 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\2xm3832m5a2b2ngvwb0w6bni48a870mdep
[2011/04/18 21:02:13 | 000,010,384 | -HS- | C] () -- C:\ProgramData\2xm3832m5a2b2ngvwb0w6bni48a870mdep
[2011/04/08 09:40:34 | 000,011,968 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\bkels6fq4t8a1c772
[2011/04/08 09:40:34 | 000,011,968 | -HS- | C] () -- C:\ProgramData\bkels6fq4t8a1c772
[2011/04/06 15:09:17 | 000,011,230 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\h1ak21a17g2b8yl770cwuriv0x1r5e
[2011/04/06 15:09:17 | 000,011,230 | -HS- | C] () -- C:\ProgramData\h1ak21a17g2b8yl770cwuriv0x1r5e
[2011/04/04 17:23:01 | 000,011,482 | -HS- | C] () -- C:\ProgramData\l8h6k22165o6e645bt4xcs1558h
[2011/04/04 17:23:00 | 000,011,482 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\l8h6k22165o6e645bt4xcs1558h

========== LOP Check ==========

[2011/08/26 15:08:22 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\3FD3B5BBFB9EFAE8D3B3F62F8C26F3F5
[2010/09/29 21:40:58 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Amazon
[2012/05/18 22:18:53 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Autodesk
[2011/08/22 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Avbelo
[2012/05/16 21:58:33 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\BitComet
[2009/09/04 19:38:39 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\com.adobe.ExMan
[2011/09/07 23:07:52 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/17 12:55:18 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Ecmu
[2011/08/04 16:10:33 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Egheor
[2009/03/10 18:02:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\ESET
[2011/08/26 13:15:49 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Ewgale
[2009/12/17 03:26:56 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\FFSJ
[2010/07/26 21:33:57 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Football Superstars
[2011/04/24 13:28:13 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\fz1gxedr2bthxaupsepiqaqzooajnua2
[2009/04/06 22:17:57 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\GeoVid
[2009/06/18 16:41:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\GetRightToGo
[2011/08/07 16:04:49 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\go
[2010/10/20 13:15:48 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\ImTOO
[2010/10/02 13:17:54 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\ImTOO Software Studio
[2011/08/04 19:52:31 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Ivdye
[2012/05/16 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Jtypkl
[2009/02/07 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Lexmark Productivity Studio
[2009/04/05 13:16:51 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\MOVAVI
[2009/06/20 22:55:48 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\MPEG Streamclip
[2010/08/18 00:18:30 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Nanex
[2011/07/14 19:12:19 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Odyho
[2010/09/13 18:11:13 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\PACE Anti-Piracy
[2009/06/11 15:48:14 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Panasonic
[2011/07/17 14:54:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Paypcu
[2011/10/09 14:01:12 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\pokerth
[2011/01/16 14:55:35 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Replay Media Catcher 4
[2011/08/24 01:18:34 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Siev
[2011/09/07 17:34:11 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Sony
[2009/10/15 21:27:11 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Sony Setup
[2011/11/02 03:03:21 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Sports Interactive
[2011/07/02 21:31:09 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\StreamTorrent
[2011/09/10 12:26:28 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Thinstall
[2011/02/10 19:25:49 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Trusteer
[2009/03/10 18:27:51 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\www.pro-evo.xooit.fr
[2011/09/27 14:08:50 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Xi
[2011/05/09 12:50:04 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Xilisoft
[2010/04/27 10:18:49 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2010/04/27 10:18:49 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2010/04/27 10:18:49 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2010/04/27 10:18:49 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2012/05/18 18:28:49 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\HSBC-05\GD.avi:TOC.WMV
@Alternate Data Stream - 1001 bytes -> C:\Users\HSBC-05\AppData\Local\wLXIyhYK:30Qug31NxRCDjQeRs1kgvP5a

< End of report >


#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O4 - HKCU..\Run: [fccu4o20iv] C:\Users\HSBC-05\fccu4o20iv.exe File not found
    O33 - MountPoints2\{bbd97013-f542-11dd-af9a-0021851907f5}\Shell - "" = AutoRun
    O33 - MountPoints2\{bbd97013-f542-11dd-af9a-0021851907f5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/08/05 00:49:50 | 000,011,524 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\e8010lu874aguygbc
    [2011/08/05 00:49:50 | 000,011,524 | -HS- | C] () -- C:\ProgramData\e8010lu874aguygbc
    [2011/08/04 15:05:11 | 000,012,940 | -HS- | C] () -- C:\ProgramData\xw737i26j4p6rvpv63d6640ikv3612a0au8xog
    [2011/08/04 15:05:10 | 000,012,940 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\xw737i26j4p6rvpv63d6640ikv3612a0au8xog
    [2011/07/17 03:15:38 | 000,000,000 | ---- | C] () -- C:\Users\HSBC-05\AppData\Local\Lbepodeneqehexo.bin
    [2011/07/17 03:15:29 | 000,000,120 | ---- | C] () -- C:\Users\HSBC-05\AppData\Local\Gnaritequweza.dat
    [2011/04/18 21:02:13 | 000,010,384 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\2xm3832m5a2b2ngvwb0w6bni48a870mdep
    [2011/04/18 21:02:13 | 000,010,384 | -HS- | C] () -- C:\ProgramData\2xm3832m5a2b2ngvwb0w6bni48a870mdep
    [2011/04/08 09:40:34 | 000,011,968 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\bkels6fq4t8a1c772
    [2011/04/08 09:40:34 | 000,011,968 | -HS- | C] () -- C:\ProgramData\bkels6fq4t8a1c772
    [2011/04/06 15:09:17 | 000,011,230 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\h1ak21a17g2b8yl770cwuriv0x1r5e
    [2011/04/06 15:09:17 | 000,011,230 | -HS- | C] () -- C:\ProgramData\h1ak21a17g2b8yl770cwuriv0x1r5e
    [2011/04/04 17:23:01 | 000,011,482 | -HS- | C] () -- C:\ProgramData\l8h6k22165o6e645bt4xcs1558h
    [2011/04/04 17:23:00 | 000,011,482 | -HS- | C] () -- C:\Users\HSBC-05\AppData\Local\l8h6k22165o6e645bt4xcs1558h
    @Alternate Data Stream - 1001 bytes -> C:\Users\HSBC-05\AppData\Local\wLXIyhYK:30Qug31NxRCDjQeRs1kgvP5a
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


Things I would like to see in your reply:
  • OTL log
  • Combofix.txt

#3
Hbosses

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Hi ali.B, thanks for the reply

So here are my results. I'm guessing this computer is badly affected, as ComboFix took a lot longer than 10 minutes.

OTL Log

OTL logfile created on: 19/05/2012 12:43:57 - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\HSBC-05\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.94 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 60.35% Memory free
4.10 Gb Paging File | 3.27 Gb Available in Paging File | 79.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 100.00 Gb Free Space | 33.55% Space Free | Partition Type: NTFS

Computer Name: HSBC-05-PC | User Name: HSBC-05 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 22:36:47 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\HSBC-05\Downloads\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2011/08/23 08:04:46 | 000,919,352 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/03/05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/05/14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007/06/11 20:27:23 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
PRC - [2007/05/25 10:41:37 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxddcoms.exe
PRC - [2007/04/30 09:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/18 14:15:28 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll
MOD - [2011/11/18 14:12:58 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll
MOD - [2011/11/18 14:12:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll
MOD - [2011/11/18 14:12:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll
MOD - [2011/11/18 14:12:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\207b1e1e2254c7a308efe4f903e52ce2\System.Configuration.ni.dll
MOD - [2011/11/18 14:11:52 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll
MOD - [2011/11/18 14:11:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/05 16:32:36 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/03/05 16:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2007/06/11 20:27:23 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddmon.exe
MOD - [2007/05/30 06:12:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/30 06:12:15 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/30 06:11:21 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 09:20:25 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 09:19:53 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
MOD - [2007/04/30 09:19:51 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 09:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/06 08:16:47 | 000,589,824 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxdddatr.dll
MOD - [2007/01/09 17:10:05 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddscw.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/05 14:00:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/26 17:23:19 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/04/14 00:19:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/08/23 08:04:46 | 000,919,352 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/06/29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/12/28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/03/01 20:37:28 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 19:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/05/25 10:41:53 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 10:41:37 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- -- (SuperMounter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/18 14:20:27 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus32_32029.sys -- (RapportCerberus_32029)
DRV - [2011/08/23 08:04:58 | 000,161,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/08/23 08:04:58 | 000,070,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/08/23 08:04:58 | 000,056,336 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/07/13 14:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/07/13 14:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2010/04/25 13:50:46 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/03/15 11:38:44 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2010/03/15 11:38:44 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM)
DRV - [2010/03/15 11:38:44 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM)
DRV - [2010/03/15 11:38:44 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2010/03/15 11:38:44 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus) Sony Ericsson Device 1039 driver (WDM)
DRV - [2010/03/15 11:38:44 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS)
DRV - [2010/03/15 11:38:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2010/03/01 20:37:30 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/12/02 13:51:08 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009/10/20 19:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/10/15 21:30:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/10/15 21:30:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/05/14 15:49:34 | 000,093,312 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/11/02 09:44:10 | 000,056,572 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2007/10/04 10:14:00 | 007,625,088 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/10 13:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/07/07 08:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/02/15 15:14:28 | 000,019,840 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2006/11/02 08:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2003/08/11 10:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{F2E04335-8180-4232-A501-BC6DFCCA78B3}: "URL" = http://search.condui...&ctid=CT2418376

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\..\SearchScopes,DefaultScope = {BDAF4D72-83DF-44FF-B8D4-8915CFF88265}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8B95D70D-0B2E-4AC6-8636-7E71F7851810}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{AA9B9DFA-1AAA-4E89-B7D7-ECC40A6521CE}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://startsear.ch/...q={searchTerms}
IE - HKCU\..\SearchScopes\{BDAF4D72-83DF-44FF-B8D4-8915CFF88265}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F2E04335-8180-4232-A501-BC6DFCCA78B3}: "URL" = http://search.condui...&ctid=CT2418376
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "PageRage Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://en-GB.start3....en-GB:official"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.27.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1462
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {5120AABB-B7F4-4CBB-8F90-B3AD0F52806F}:1.9.1
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@ilok.com/iLokHelper,version=3.1.0.7: C:\Program Files\PACE Anti-Piracy\iLok\NPPaceILok.dll ( PACE Anti-Piracy, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/05 14:00:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/12 11:39:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/08/12 16:08:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5120AABB-B7F4-4CBB-8F90-B3AD0F52806F}: C:\Users\HSBC-05\AppData\Local\{5120AABB-B7F4-4CBB-8F90-B3AD0F52806F}\ [2011/08/24 00:22:18 | 000,000,000 | ---D | M]

[2009/02/08 19:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Extensions
[2012/05/04 23:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions
[2011/12/22 13:16:58 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/09/13 13:55:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2011/08/08 23:54:27 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\extensions\[email protected]
[2010/11/23 13:02:06 | 000,000,919 | ---- | M] () -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\searchplugins\conduit.xml
[2011/07/11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\searchplugins\startsear.xml
[2012/01/11 00:33:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/12 16:15:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/05 14:00:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/17 22:09:10 | 000,045,056 | ---- | M] (Info Technology Supply Ltd) -- C:\Program Files\mozilla firefox\plugins\nppstart.dll
[2011/08/31 11:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/05/05 14:00:49 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/15 23:25:23 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/05 14:00:49 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/05 14:00:49 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/05/05 14:00:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/05 14:00:49 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/05/19 12:36:04 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9565115D-C7D6-46D3-BD63-B67B481A4368} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A55E92B-3446-45B5-8525-30971FEB2DCC}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HSBC-05\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\HSBC-05\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/19 12:35:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/18 22:19:09 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/05/18 22:18:53 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Roaming\Autodesk
[2012/05/18 22:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2012/05/17 21:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/16 18:14:00 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Roaming\Jtypkl
[2012/05/12 16:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/12 16:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/05/11 00:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\IK Multimedia
[2012/05/11 00:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IK Multimedia
[2012/05/11 00:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Extreme Sample Converter 3
[2012/05/05 14:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/05 14:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/20 00:49:01 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Roaming\NeroDigital
[2012/04/20 00:48:26 | 000,000,000 | ---D | C] -- C:\Users\HSBC-05\AppData\Local\Nero_AG

========== Files - Modified Within 30 Days ==========

[2012/05/19 12:43:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/19 12:39:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/19 12:39:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 12:39:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 12:39:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/19 12:36:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/05/19 12:25:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/05/19 02:30:43 | 1602,366,225 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/18 22:19:10 | 000,001,976 | ---- | M] () -- C:\Users\HSBC-05\Desktop\Autodesk 123D Catch.lnk
[2012/05/18 18:20:24 | 000,611,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/18 18:20:24 | 000,109,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/17 04:56:35 | 000,204,800 | ---- | M] () -- C:\Users\HSBC-05\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 19:02:06 | 000,007,944 | ---- | M] () -- C:\Users\HSBC-05\AppData\Local\d3d9caps.dat
[2012/05/12 16:13:18 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/12 00:12:47 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/11 00:38:44 | 000,000,016 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2012/05/11 00:38:44 | 000,000,016 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2012/05/11 00:38:44 | 000,000,016 | ---- | M] () -- C:\Windows\msocreg32.dat
[2012/05/02 01:15:58 | 000,001,116 | ---- | M] () -- C:\Users\HSBC-05\AppData\Roaming\DVDSubEdit.ini

========== Files Created - No Company Name ==========

[2012/05/18 22:19:10 | 000,001,976 | ---- | C] () -- C:\Users\HSBC-05\Desktop\Autodesk 123D Catch.lnk
[2012/05/16 18:44:01 | 1602,366,225 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/05/12 16:13:18 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/11 00:38:43 | 000,000,016 | ---- | C] () -- C:\Windows\System32\w3data.vss
[2012/05/11 00:38:43 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2012/05/11 00:38:43 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/05/02 01:12:40 | 000,001,116 | ---- | C] () -- C:\Users\HSBC-05\AppData\Roaming\DVDSubEdit.ini
[2012/02/21 01:37:22 | 000,000,132 | ---- | C] () -- C:\Users\HSBC-05\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/18 13:39:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/18 13:37:57 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/11 22:45:36 | 000,000,335 | ---- | C] () -- C:\Windows\setting.ini
[2011/10/06 01:14:57 | 000,000,080 | ---- | C] () -- C:\Users\HSBC-05\AppData\Local\X-Plane Installer.prf

========== LOP Check ==========

[2011/08/26 15:08:22 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\3FD3B5BBFB9EFAE8D3B3F62F8C26F3F5
[2010/09/29 21:40:58 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Amazon
[2012/05/18 22:18:53 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Autodesk
[2011/08/22 17:11:14 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Avbelo
[2012/05/16 21:58:33 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\BitComet
[2009/09/04 19:38:39 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\com.adobe.ExMan
[2011/09/07 23:07:52 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/17 12:55:18 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Ecmu
[2011/08/04 16:10:33 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Egheor
[2009/03/10 18:02:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\ESET
[2011/08/26 13:15:49 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Ewgale
[2009/12/17 03:26:56 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\FFSJ
[2010/07/26 21:33:57 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Football Superstars
[2011/04/24 13:28:13 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\fz1gxedr2bthxaupsepiqaqzooajnua2
[2009/04/06 22:17:57 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\GeoVid
[2009/06/18 16:41:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\GetRightToGo
[2011/08/07 16:04:49 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\go
[2010/10/20 13:15:48 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\ImTOO
[2010/10/02 13:17:54 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\ImTOO Software Studio
[2011/08/04 19:52:31 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Ivdye
[2012/05/16 18:14:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Jtypkl
[2009/02/07 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Lexmark Productivity Studio
[2009/04/05 13:16:51 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\MOVAVI
[2009/06/20 22:55:48 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\MPEG Streamclip
[2010/08/18 00:18:30 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Nanex
[2011/07/14 19:12:19 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Odyho
[2010/09/13 18:11:13 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\PACE Anti-Piracy
[2009/06/11 15:48:14 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Panasonic
[2011/07/17 14:54:00 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Paypcu
[2011/10/09 14:01:12 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\pokerth
[2011/01/16 14:55:35 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Replay Media Catcher 4
[2011/08/24 01:18:34 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Siev
[2011/09/07 17:34:11 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Sony
[2009/10/15 21:27:11 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Sony Setup
[2011/11/02 03:03:21 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Sports Interactive
[2011/07/02 21:31:09 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\StreamTorrent
[2011/09/10 12:26:28 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Thinstall
[2011/02/10 19:25:49 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Trusteer
[2009/03/10 18:27:51 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\www.pro-evo.xooit.fr
[2011/09/27 14:08:50 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Xi
[2011/05/09 12:50:04 | 000,000,000 | ---D | M] -- C:\Users\HSBC-05\AppData\Roaming\Xilisoft
[2010/04/27 10:18:49 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2010/04/27 10:18:49 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2010/04/27 10:18:49 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2010/04/27 10:18:49 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2012/05/19 12:38:37 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\HSBC-05\GD.avi:TOC.WMV

< End of report >

#4
Hbosses

ComboFix Log

ComboFix 12-05-19.01 - HSBC-05 19/05/2012 12:54:25.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1982.959 [GMT 1:00]
Running from: c:\users\HSBC-05\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HSBC-05\AppData\Roaming\Adobe\plugs
c:\users\HSBC-05\AppData\Roaming\Adobe\shed
c:\users\HSBC-05\AppData\Roaming\FFSJ
c:\users\HSBC-05\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\HSBC-05\AppData\Roaming\Odyho
c:\users\HSBC-05\AppData\Roaming\Odyho\ewwim.feo
c:\users\HSBC-05\AppData\Roaming\Odyho\ewwim.tmp
c:\users\HSBC-05\Setup-SopCast-3.2.9.exe
c:\windows\iun6002.exe
c:\windows\system32\msvcsv60.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFPANSI
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 11:35 . 2012-05-19 11:35 -------- d-----w- C:\_OTL
2012-05-18 21:19 . 2012-05-18 21:19 10630568 ----a-r- c:\users\HSBC-05\AppData\Roaming\Microsoft\Installer\{62939D22-F2E8-44BD-A655-0D1F41D5EBA2}\PhotoSceneEditor.exe
2012-05-18 21:18 . 2012-05-18 21:18 -------- d-----w- c:\users\HSBC-05\AppData\Roaming\Autodesk
2012-05-18 21:18 . 2012-05-18 21:18 -------- d-----w- c:\program files\Autodesk
2012-05-17 20:54 . 2012-05-17 20:54 -------- d-----w- c:\program files\Trend Micro
2012-05-16 17:14 . 2012-05-16 17:14 -------- d-----w- c:\users\HSBC-05\AppData\Roaming\Jtypkl
2012-05-12 15:13 . 2012-05-12 15:13 -------- d-----w- c:\program files\Common Files\Skype
2012-05-10 23:36 . 2012-05-10 23:36 -------- d-----w- c:\program files\IK Multimedia
2012-05-10 23:36 . 2012-05-10 23:36 -------- d-----w- c:\programdata\IK Multimedia
2012-05-10 23:07 . 2012-05-10 23:41 -------- d-----w- c:\program files\Extreme Sample Converter 3
2012-05-05 13:00 . 2012-05-05 13:01 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 13:00 . 2012-05-05 13:00 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 13:00 . 2012-05-05 13:00 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-19 23:49 . 2012-04-19 23:49 -------- d-----w- c:\users\HSBC-05\AppData\Roaming\NeroDigital
2012-04-19 23:48 . 2012-04-19 23:48 -------- d-----w- c:\users\HSBC-05\AppData\Local\Nero_AG
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 17:10 . 2012-04-06 10:44 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-14 17:10 . 2011-05-16 05:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 14:56 . 2011-04-18 20:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 13:00 . 2012-02-15 22:25 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6707744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-01 119152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-01-18 941320]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"NBAgent"="c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Auto run of VideoCam Suite 1.0.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Auto run of VideoCam Suite 1.0.lnk
backup=c:\windows\pss\Auto run of VideoCam Suite 1.0.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-07-25 10:41 433360 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 10:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-05 18:42]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 14:28]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.co.uk/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\HSBC-05\AppData\Roaming\Mozilla\Firefox\Profiles\dxa7569c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.accept-encoding -
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
MSConfigStartUp-Ovasoweqoha - c:\users\HSBC-05\AppData\Local\ovcvcani.dll
MSConfigStartUp-Pkuzicakiheva - c:\users\HSBC-05\AppData\Local\agoyakidalo.dll
MSConfigStartUp-{D8B780DE-0906-D799-1656-8FADBDFFB02A} - c:\users\HSBC-05\AppData\Roaming\Paypcu\alha.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-19 13:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet009\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\windows\system32\lxddcoms.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Nero\Update\NASvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-05-19 13:19:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 12:19
.
Pre-Run: 107,180,355,584 bytes free
Post-Run: 106,646,257,664 bytes free
.
- - End Of File - - CEDE2B44620CDEEB50A80375C82F9F40

#5
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

ESET Online Scanner


  • Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


#6
Hbosses

    Member

  • Topic Starter
  • 17 posts
Well here's the Malwarebytes results

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.19.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
HSBC-05 :: HSBC-05-PC [administrator]

Protection: Disabled

19/05/2012 22:56:19
mbam-log-2012-05-19 (22-56-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206886
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#7
Hbosses

    Member

  • Topic Starter
  • 17 posts
I'm just waiting on Eset, but at the moment the little popups that appear in the bottom right of the screen have seemingly disappeared but Google, Bing and Yahoo still don't work.

#8
Hbosses

    Member

  • Topic Starter
  • 17 posts
Well the Eset didn't find any infections, I don't have the log to give you sorry, I couldn't find it, I'll try it again if it's a necessity but I'd rather not as it takes too long.
So neither Malwarebytes nor Eset found anything on my computer.
The search engines still don't work and when I turned the computer on this morning, the little pop ups began to show again, even on the Eset website!!

I have no idea what's going on, but I appreciate you helping me.

#9
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

What popups are showing? Could you please explain more?

#10
Hbosses

    Member

  • Topic Starter
  • 17 posts
Posted Image

#11
Hbosses

    Member

  • Topic Starter
  • 17 posts
It shows up even on this site, another problem I have now is the computer doesn't recognise my webcam so I can't make calls on Skype. It's all happening at once!!

#12
Hbosses

    Member

  • Topic Starter
  • 17 posts
No, the webcam is fine now after restarting the computer.
But the other problems still remain.

#13
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Does this show on all browsers?

#14
Hbosses

    Member

  • Topic Starter
  • 17 posts
Yes and on any random website, there's no particular pattern as to what website it shows up on. I only use Internet Explorer and Firefox.


On startup my Eset has found a threat called Wdf01000.sys but it can't delete it, and having looked at the log from previous scans I have run, it has shown up on quite a few occasions, but Eset have been unable to clean it or delete it.

It's in the Windows/System32/Drivers folder, I've found it so I can delete it myself, but I'll wait to see what you think. Do you know anything about that file??

Edited by Hbosses, 21 May 2012 - 06:43 AM.


#15
Hbosses

    Member

  • Topic Starter
  • 17 posts
Right, Eset has labelled the file WDF01000.sys as a Win32/agent.SUC.gen and having read a description on it, it seems to fit the bill for the problems I've been having, such as my hotmail getting hacked.

What can I do to rid the computer of this virus???