Active Internet Explorer redirects me to a different website

Discussion in 'Malware and Virus Removal Archive' started by Brugutu, 2009/11/19.

  1. 2009/11/19
    Brugutu

    Brugutu Inactive Thread Starter

    Joined:
    2009/11/19
    Messages:
    20
    Likes Received:
    0
    [Active] Internet Explorer redirects me to a different website

    Hello, I am Brugutu. Every time I click on a website, Internet Explorer redirects me to a different website. I don't know what to do, so I was hoping someone will help me. I need Helppppp.

    I downloaded HijackThis and the logfile is below:

    Logfile of HijackThis v1.99.1
    Scan saved at 07:46:39, on 19/11/2009
    Platform: Unknown Windows (WinNT 6.00.1906 SP2)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Safari\Safari.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Lovaflex\Desktop\KillBox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.forex-finance-trading.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.forex-finance-trading.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0 "
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International
    O13 - Gopher Prefix:
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
     
  2. 2009/11/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread which has been moved to the Malware & Virus Removal forum.

    HJT is no longer sufficient.
     


  4. 2009/11/19
    Brugutu

    Brugutu Inactive Thread Starter

    Joined:
    2009/11/19
    Messages:
    20
    Likes Received:
    0
    If HijackThis is not sufficient, what software should I use then?
     
  5. 2009/11/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Have you read the link I posted - it gives very clear instructions .....
    There is a download link
     
  6. 2009/11/19
    Brugutu

    Brugutu Inactive Thread Starter

    Joined:
    2009/11/19
    Messages:
    20
    Likes Received:
    0
    I have downloaded the DDS in getting started. And this is what it says in the two documents it provided.
    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Lovaflex at 8:54:45.01 on 19/11/2009
    Internet Explorer: 8.0.6001.18828
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1514 [GMT 0:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\explorer.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\taskeng.exe
    C:\Users\Lovaflex\Downloads\Cryptload\CryptLoad.exe
    C:\Program Files\Safari\Safari.exe
    C:\Windows\system32\msfeedssync.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Lovaflex\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://www.forex-finance-trading.com/
    uDefault_Search_URL = hxxp://www.forex-finance-trading.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\softonic-eng7\tbSoft.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [osCheck] "c:\program files\norton 360\osCheck.exe "
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0 "
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    StartupFolder: c:\users\lovaflex\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "

    ============= SERVICES / DRIVERS ===============

    R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\drivers\Amddfltr.sys [2008-9-27 15416]
    R0 xbpublic;FSE File System Filter Driver;c:\windows\system32\drivers\xbpublic.sys [2009-9-16 16768]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20091111.001\IDSvix86.sys [2009-11-13 272432]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_805f33de\AEstSrv.exe [2009-4-22 77824]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 24880]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-5-21 341328]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
    R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-9-30 103440]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-5-21 193840]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-4-17 114528]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

    =============== Created Last 30 ================

    2009-11-19 07:43:28 0 d-----w- C:\!KillBox
    2009-11-19 07:13:08 0 d-----w- C:\fixwareout
    2009-11-18 15:56:23 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-11-18 15:56:23 0 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-18 15:20:31 0 d-----w- c:\program files\trend micro
    2009-11-18 13:36:32 0 d-----w- C:\ATI
    2009-11-17 17:02:13 0 d-----w- c:\programdata\HP Product Assistant
    2009-11-17 16:59:03 77354 ----a-w- c:\windows\hpqins05.dat
    2009-11-12 02:23:00 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-12 02:22:49 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-10 22:36:02 0 d-----w- c:\program files\Windows Portable Devices
    2009-11-10 22:34:32 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-10 21:49:44 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-11-10 21:49:42 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-11-10 21:49:42 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-11-10 21:46:33 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-10 21:46:33 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-10 21:46:33 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-08 20:07:09 0 d-----w- c:\users\lovaflex\Incomplete
    2009-11-05 19:44:23 0 d-----w- c:\users\lovaflex\appdata\roaming\Malwarebytes
    2009-11-05 19:44:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-05 19:44:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-05 19:44:16 0 d-----w- c:\programdata\Malwarebytes
    2009-11-05 19:44:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-04 19:26:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2009-10-31 14:54:05 0 d-----w- c:\program files\iPod
    2009-10-31 14:54:02 0 d-----w- c:\program files\iTunes
    2009-10-28 03:34:59 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-10-28 03:34:57 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-10-27 05:54:23 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-27 05:53:51 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-10-27 05:53:41 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-10-27 05:53:41 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-23 18:55:25 0 d-----w- c:\program files\Conduit
    2009-10-23 18:55:24 0 d-----w- c:\program files\Softonic-Eng7
    2009-10-23 06:53:07 0 d-----w- c:\windows\system32\URTTEMP

    ==================== Find3M ====================

    2009-11-18 13:40:22 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-11-18 13:40:22 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-18 13:40:12 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-11-10 22:35:54 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-10-11 04:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-06 12:58:02 161292 ----a-w- c:\windows\hpqins00.dat
    2009-10-04 14:18:48 0 ----a-w- c:\users\lovaflex\appdata\roaming\wklnhst.dat
    2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-09-30 14:31:46 103440 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
    2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-09-25 16:41:26 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-09-25 16:41:26 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-09-25 16:41:26 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-09-25 16:41:26 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-09-25 16:41:26 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-20 06:38:24 160621 ----a-w- c:\windows\hpoins28.dat
    2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-07 15:29:44 4455865 ----a-w- c:\windows\system32\libavcodec.dll
    2009-09-06 14:52:04 828611 ----a-w- c:\windows\system32\ff_x264.dll
    2009-09-04 11:41:59 60928 ----a-w- c:\windows\system32\msasn1.dll
    2009-09-02 20:23:04 183296 ----a-w- c:\windows\system32\ff_samplerate.dll
    2009-09-02 20:22:58 178688 ----a-w- c:\windows\system32\ff_libmad.dll
    2009-09-02 20:22:40 113152 ----a-w- c:\windows\system32\ff_unrar.dll
    2009-09-02 20:22:10 257024 ----a-w- c:\windows\system32\ff_libdts.dll
    2009-09-02 20:22:06 142848 ----a-w- c:\windows\system32\ff_liba52.dll
    2009-09-02 16:38:44 425040 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
    2009-09-02 16:35:12 557003 ----a-w- c:\windows\system32\libmplayer.dll
    2009-09-02 16:01:48 146098 ----a-w- c:\windows\system32\libmpeg2_ff.dll
    2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-08-25 18:07:36 328334 ----a-w- c:\windows\system32\ff_kernelDeint.dll
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-12 02:15:34 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-06-12 02:15:34 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-06-12 02:15:34 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-06-12 02:15:34 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-03-14 13:20:13 22 --sha-w- c:\windows\sminst\HPCD.sys

    ============= FINISH: 8:58:32.36 ===============
     
  7. 2009/11/19
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Please post the Attach.txt too as requested.
     
  8. 2009/11/19
    Brugutu

    Brugutu Inactive Thread Starter

    This is the Attach Txt.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-10-26.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27/09/2008 10:33:25
    System Uptime: 18/11/2009 17:44:16 (15 hours ago)

    Motherboard: Quanta | | 3600
    Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72 | Socket M2/S1G1 | 2100/1800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 224 GiB total, 73.792 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.684 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    AAC Decoder
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Adobe Shockwave Player
    Agere Systems HDA Modem
    AMD Driver Support for HP 3D DriverGuard
    AoA Audio Extractor Platinum
    AOL Toolbar 5.0
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    AutoUpdate
    Backup
    Bonjour
    BTOffer
    BufferChm
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) - World at War(TM) 1.4 Patch
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    ccc-core-static
    ccc-utility
    CCC Help English
    ccCommon
    CCleaner (remove only)
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cole2k Media - Codec Pack (Standard) 7.9.0
    Compatibility Pack for the 2007 Office system
    Copy
    CustomerResearchQFolder
    CyberLink DVD Suite
    CyberLink YouCam
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Codec
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    DJ_AIO_03_F4200_ProductContext
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    Dual-Core Optimizer
    eSupportQFolder
    F4200
    F4200_Help
    GearDrvs
    Google Toolbar for Internet Explorer
    GPBaseService
    GPBaseService2
    H.264 Decoder
    Hijackthis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 10.0
    HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    HP Doc Viewer
    HP Easy Setup - Frontend
    HP Help and Support
    HP Imaging Device Functions 10.0
    HP MULTIPLE MODEM INSTALLER for VISTA
    HP Photosmart Essential 2.5
    HP Quick Launch Buttons 6.40 D3
    HP QuickPlay 3.7
    HP QuickTouch 1.00 D2
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Total Care Advisor
    HP Update
    HP User Guides 0102
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPProductAssistant
    HPSSupply
    IDT Audio
    iTunes
    Java(TM) 6 Update 17
    Java(TM) 6 Update 5
    JMicron JMB38X Flash Media Controller
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    LiveUpdate (Symantec Corporation)
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MKV Splitter
    MobileMe Control Panel
    MSVCRT
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    muvee autoProducer 6.1
    My HP Games
    Norton 360
    Norton 360 (Symantec Corporation)
    Norton 360 HTMLHelp
    Norton Confidential Core
    NVIDIA PhysX
    OGA Notifier 2.0.0048.0
    P2PFilter 3.0.5
    Power2Go
    PowerArchiver 2010
    PowerDirector
    Pro Evolution Soccer 2010
    ProtectSmart Hard Drive Protection
    PSSWCORE
    PunkBuster Services
    QuickTime
    Readon TV Movie Radio Player 5.5.5.0
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Safari
    Scan
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Shop for HP Supplies
    Skins
    Skype™ 4.0
    SmartWebPrintingOC
    Softonic-Eng7 Toolbar
    SolutionCenter
    SPBBC 32bit
    Spybot - Search & Destroy
    Status
    STREET FIGHTER IV
    Symantec Real Time Storage Protection Component
    Symantec Technical Support Controls
    SymNet
    Synaptics Pointing Device Driver
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    VideoToolkit01
    Viewpoint Media Player
    Virtua Tennis(TM) 2009
    WebReg
    Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    WinRAR archiver
    Yahoo! Toolbar

    ==== End Of File ===========================
     
  9. 2009/11/19
    PeteC

    PeteC SuperGeek Staff

    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  10. 2009/11/19
    Brugutu

    Brugutu Inactive Thread Starter

    Thanks
     
  11. 2009/11/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Brugutu
    Welcome to WindowsBBS.

    Please do the following.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log.
    Note: Do not mouse click combofix's window while it's running. That may cause it to stall.

    If you are prompted to install the Recovery Console, Please do so.

    Thanks
    Geri
     
  12. 2009/11/20
    Brugutu

    Brugutu Inactive Thread Starter

    I have scanned my system with combofix. The log is below:
    ComboFix 09-11-19.05 - Lovaflex 20/11/2009 12:42.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1869 [GMT 0:00]
    Running from: c:\users\Lovaflex\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1082741739-2697296195-468550379-500
    c:\$recycle.bin\S-1-5-21-2876232168-1077061575-3994848077-500
    c:\recycler\ã..

    Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
    Restored copy from - Kitty ate it :p
    .
    ((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
    .

    2009-11-20 13:02 . 2009-11-20 13:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-11-20 12:42 . 2008-01-21 02:23 115816 ----a-w- c:\windows\system32\drivers\ulsata2.sys
    2009-11-20 12:42 . 2006-11-02 09:50 98408 ----a-w- c:\windows\system32\drivers\ulsata.sys
    2009-11-20 12:42 . 2008-01-21 02:23 238648 ----a-w- c:\windows\system32\drivers\uliahci.sys
    2009-11-20 12:42 . 2006-11-02 09:50 34920 ----a-w- c:\windows\system32\drivers\sym_u3.sys
    2009-11-20 12:40 . 2008-01-21 02:23 79416 ----a-w- c:\windows\system32\drivers\arc.sys
    2009-11-20 12:40 . 2006-11-02 09:50 71272 ----a-w- c:\windows\system32\drivers\djsvs.sys
    2009-11-20 12:40 . 2008-01-21 02:23 149560 ----a-w- c:\windows\system32\drivers\adpu320.sys
    2009-11-20 12:40 . 2008-01-21 02:23 101432 ----a-w- c:\windows\system32\drivers\adpu160m.sys
    2009-11-20 12:40 . 2008-01-21 02:23 300600 ----a-w- c:\windows\system32\drivers\adpahci.sys
    2009-11-20 12:40 . 2008-01-21 02:23 422968 ----a-w- c:\windows\system32\drivers\adp94xx.sys
    2009-11-20 03:12 . 2009-10-02 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.024\ECMSVR32.DLL
    2009-11-20 03:12 . 2009-09-17 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.024\NAVENG.SYS
    2009-11-20 03:12 . 2009-09-17 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.024\EECTRL.SYS
    2009-11-20 03:12 . 2009-09-17 08:00 2747952 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.024\CCERASER.DLL
    2009-11-20 03:12 . 2009-09-17 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.024\NAVENG32.DLL
    2009-11-20 03:12 . 2009-09-17 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.024\NAVEX32A.DLL
    2009-11-20 03:12 . 2009-09-17 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.024\NAVEX15.SYS
    2009-11-20 03:12 . 2009-09-17 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.024\ERASER.SYS
    2009-11-19 18:50 . 2009-10-02 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.004\ECMSVR32.DLL
    2009-11-19 18:50 . 2009-09-17 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.004\NAVENG.SYS
    2009-11-19 18:50 . 2009-09-17 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.004\EECTRL.SYS
    2009-11-19 18:50 . 2009-09-17 08:00 2747952 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.004\CCERASER.DLL
    2009-11-19 18:50 . 2009-09-17 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.004\NAVENG32.DLL
    2009-11-19 18:50 . 2009-09-17 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.004\NAVEX32A.DLL
    2009-11-19 18:50 . 2009-09-17 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.004\NAVEX15.SYS
    2009-11-19 18:50 . 2009-09-17 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091119.004\ERASER.SYS
    2009-11-19 07:43 . 2009-11-19 07:43 -------- d-----w- C:\!KillBox
    2009-11-19 07:13 . 2009-11-19 07:13 -------- d-----w- C:\fixwareout
    2009-11-18 15:56 . 2009-11-19 20:06 4096 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-11-18 15:56 . 2009-11-19 19:56 8192 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-18 15:20 . 2009-11-18 15:21 -------- d-----w- c:\program files\trend micro
    2009-11-18 15:20 . 2009-11-18 15:21 -------- d-----w- C:\rsit
    2009-11-18 14:33 . 2009-11-18 14:33 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6A39.tmp.exe
    2009-11-18 14:01 . 2009-11-18 14:01 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-18 13:36 . 2009-11-18 13:36 -------- d-----w- C:\ATI
    2009-11-17 17:02 . 2009-11-17 17:02 -------- d-----w- c:\programdata\HP Product Assistant
    2009-11-17 16:59 . 2009-11-17 17:03 77354 ----a-w- c:\windows\hpqins05.dat
    2009-11-13 22:25 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\Scxpx86.dll
    2009-11-13 22:25 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\IDSvix86.sys
    2009-11-13 22:25 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\SymIDSco.sys
    2009-11-13 22:25 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\IDSxpx86.dll
    2009-11-13 22:25 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\SymIDSI.dll
    2009-11-13 22:25 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\IDSviA64.sys
    2009-11-13 22:25 . 2009-01-02 22:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\IDS9xx86.dll
    2009-11-12 13:42 . 2009-11-12 13:42 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-12 02:23 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-12 02:22 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-11 18:43 . 2009-11-11 18:43 -------- d-----w- c:\users\Lovaflex\AppData\Local\HP
    2009-11-10 22:36 . 2009-11-10 22:36 -------- d-----w- c:\program files\Windows Portable Devices
    2009-11-10 21:49 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-11-10 21:49 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-11-10 21:49 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-11-10 21:46 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-10 21:46 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-10 21:46 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-10 20:05 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\Scxpx86.dll
    2009-11-10 20:05 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\IDSvix86.sys
    2009-11-10 20:05 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\SymIDSco.sys
    2009-11-10 20:05 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\IDSxpx86.dll
    2009-11-10 20:05 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\SymIDSI.dll
    2009-11-10 20:05 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\IDSviA64.sys
    2009-11-10 20:05 . 2009-01-02 22:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\IDS9xx86.dll
    2009-11-08 20:07 . 2009-11-08 20:07 -------- d-----w- c:\users\Lovaflex\Incomplete
    2009-11-05 19:44 . 2009-11-05 19:44 -------- d-----w- c:\users\Lovaflex\AppData\Roaming\Malwarebytes
    2009-11-05 19:44 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-05 19:44 . 2009-11-05 19:44 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-05 19:44 . 2009-11-05 19:44 -------- d-----w- c:\programdata\Malwarebytes
    2009-11-05 19:44 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-05 17:25 . 2009-11-05 17:25 0 ----a-w- c:\users\Lovaflex\AppData\Local\Ymayehizajifoh.bin
    2009-11-05 17:25 . 2009-11-05 19:36 120 ----a-w- c:\users\Lovaflex\AppData\Local\Cbavuyiwifapoy.dat
    2009-11-05 17:25 . 2009-11-05 17:25 -------- d-----w- c:\users\Lovaflex\AppData\Local\{92AC0A86-13B5-4FBE-8C7A-D4A33653C33E}
    2009-10-31 14:54 . 2009-10-31 14:54 -------- d-----w- c:\program files\iPod
    2009-10-31 14:54 . 2009-10-31 14:55 4096 d-----w- c:\program files\iTunes
    2009-10-31 14:48 . 2009-10-31 14:48 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-10-28 03:34 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-10-28 03:34 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-10-27 05:54 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-10-27 05:54 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-10-27 05:54 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-10-27 05:54 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-27 05:53 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-10-27 05:53 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-10-27 05:53 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-10-27 05:53 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-27 05:53 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-10-23 18:55 . 2009-10-23 18:55 -------- d-----w- c:\program files\Conduit
    2009-10-23 18:55 . 2009-10-23 18:55 4096 d-----w- c:\program files\Softonic-Eng7
    2009-10-23 06:53 . 2009-10-23 06:53 -------- d-----w- c:\windows\system32\URTTEMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-20 12:35 . 2009-02-24 19:51 4096 d-----w- c:\users\Lovaflex\AppData\Roaming\Skype
    2009-11-20 11:33 . 2009-02-24 19:55 8192 d-----w- c:\users\Lovaflex\AppData\Roaming\skypePM
    2009-11-19 18:32 . 2008-09-27 09:36 -------- d-----w- c:\program files\ATI
    2009-11-17 20:26 . 2009-09-20 06:12 4096 d-----w- c:\programdata\HP
    2009-11-17 20:25 . 2009-02-07 10:12 77768 ----a-w- c:\users\Lovaflex\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-11-17 08:02 . 2008-05-21 18:45 4096 d-----w- c:\program files\Java
    2009-11-12 13:44 . 2009-03-14 15:51 8192 d-----w- c:\program files\Safari
    2009-11-12 03:21 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
    2009-11-12 03:05 . 2008-05-21 18:20 8192 d-----w- c:\programdata\Microsoft Help
    2009-11-11 18:43 . 2009-09-20 06:31 -------- d-----w- c:\users\Lovaflex\AppData\Roaming\HP
    2009-11-10 22:45 . 2009-02-11 19:45 -------- d-----w- c:\program files\KONAMI
    2009-11-10 22:35 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-10 22:34 . 2009-11-10 22:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-10 21:56 . 2008-05-21 16:56 12288 d--h--w- c:\program files\InstallShield Installation Information
    2009-11-08 20:16 . 2009-06-06 15:33 8192 d-----w- c:\users\Lovaflex\AppData\Roaming\LimeWire
    2009-11-07 19:10 . 2009-02-11 15:01 8192 d-----w- c:\program files\DivX
    2009-11-07 19:10 . 2009-08-08 14:17 4096 d-----w- c:\program files\Common Files\DivX Shared
    2009-10-31 14:54 . 2009-02-07 11:04 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-21 04:37 . 2009-02-11 19:52 -------- d-----w- c:\programdata\KONAMI
    2009-10-13 11:19 . 2009-02-08 13:45 4096 d-----w- c:\program files\Windows Live
    2009-10-13 11:17 . 2009-10-13 11:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-10-13 11:16 . 2009-02-08 13:45 -------- d-----w- c:\program files\Microsoft
    2009-10-11 04:17 . 2009-03-15 20:25 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-10 14:36 . 2009-02-15 23:24 680 ----a-w- c:\users\Lovaflex\AppData\Local\d3d9caps.dat
    2009-10-06 12:58 . 2009-10-06 12:55 161292 ----a-w- c:\windows\hpqins00.dat
    2009-10-04 17:33 . 2009-10-04 17:32 -------- d-----w- c:\program files\CCleaner
    2009-10-04 17:33 . 2009-10-04 17:32 -------- d-----w- c:\program files\Yahoo!
    2009-10-04 17:32 . 2009-10-04 17:32 -------- d-----w- c:\users\Lovaflex\AppData\Roaming\Yahoo!
    2009-10-04 17:32 . 2009-10-04 17:32 -------- d-----w- c:\programdata\Yahoo! Companion
    2009-10-04 14:18 . 2009-10-04 14:18 -------- d-----w- c:\users\Lovaflex\AppData\Roaming\Template
    2009-10-04 14:18 . 2009-10-04 14:18 0 ----a-w- c:\users\Lovaflex\AppData\Roaming\wklnhst.dat
    2009-10-03 10:09 . 2009-10-03 10:09 -------- d-----w- c:\programdata\Office Genuine Advantage
    2009-10-03 05:30 . 2009-02-07 11:04 -------- d-----w- c:\programdata\Apple Computer
    2009-10-01 18:31 . 2009-10-01 18:31 533 ----a-w- c:\windows\eReg.dat
    2009-10-01 01:02 . 2009-11-10 21:48 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02 . 2009-11-10 21:48 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-10-01 01:02 . 2009-11-10 21:48 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02 . 2009-11-10 21:48 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02 . 2009-11-10 21:48 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01 . 2009-11-10 21:48 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01 . 2009-11-10 21:48 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01 . 2009-11-10 21:48 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01 . 2009-11-10 21:48 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01 . 2009-11-10 21:48 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01 . 2009-11-10 21:48 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01 . 2009-11-10 21:48 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-09-30 14:31 . 2009-09-30 14:31 103440 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
    2009-09-30 13:58 . 2008-02-18 19:38 9576 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-09-25 02:10 . 2009-11-10 21:48 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07 . 2009-11-10 21:48 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04 . 2009-11-10 21:48 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49 . 2009-11-10 21:48 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48 . 2009-11-10 21:48 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38 . 2009-11-10 21:48 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36 . 2009-11-10 21:48 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35 . 2009-11-10 21:48 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33 . 2009-11-10 21:48 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33 . 2009-11-10 21:48 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33 . 2009-11-10 21:48 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32 . 2009-11-10 21:48 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31 . 2009-11-10 21:48 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31 . 2009-11-10 21:48 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31 . 2009-11-10 21:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31 . 2009-11-10 21:48 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31 . 2009-11-10 21:48 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31 . 2009-11-10 21:48 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30 . 2009-11-10 21:48 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30 . 2009-11-10 21:48 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27 . 2009-11-10 21:48 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-09-25 01:27 . 2009-11-10 21:48 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27 . 2009-11-10 21:48 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27 . 2009-11-10 21:48 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54 . 2009-11-10 21:48 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54 . 2009-11-10 21:48 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54 . 2009-11-10 21:48 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-20 06:38 . 2009-09-20 06:12 160621 ----a-w- c:\windows\hpoins28.dat
    2009-09-17 08:58 . 2009-09-16 19:42 260 ----a-w- c:\windows\system32\FSEPath.dat
    2009-09-17 08:00 . 2009-09-17 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG.SYS
    2009-09-17 08:00 . 2009-09-17 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\EECTRL.SYS
    2009-09-17 08:00 . 2009-09-17 08:00 2747952 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\CCERASER.DLL
    2009-09-17 08:00 . 2009-09-17 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
    2009-09-17 08:00 . 2009-09-17 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG32.DLL
    2009-09-17 08:00 . 2009-09-17 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX32A.DLL
    2009-09-17 08:00 . 2009-09-17 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX15.SYS
    2009-09-17 08:00 . 2009-09-17 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.SYS
    2009-09-15 17:10 . 2009-09-15 17:10 10134 ----a-r- c:\users\Lovaflex\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
    2009-09-14 09:29 . 2009-10-14 20:20 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-10 16:48 . 2009-10-14 20:21 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 10:48 . 2009-10-06 18:41 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe
    2009-09-10 10:48 . 2009-10-06 18:41 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll
    2009-09-10 10:48 . 2009-10-06 18:41 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL
    2009-09-07 15:29 . 2009-09-07 15:29 4455865 ----a-w- c:\windows\system32\libavcodec.dll
    2009-09-06 14:52 . 2009-09-06 14:52 828611 ----a-w- c:\windows\system32\ff_x264.dll
    2009-09-06 07:00 . 2009-02-08 13:38 1707128 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe
    2009-03-14 13:20 . 2009-03-14 13:20 22 --sha-w- c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} "= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    2009-09-23 10:50 2261016 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} "= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} "= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-27 2387968]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
    "OnScreenDisplay "= "c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck "= "c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "SysTrayApp "= "c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2009-03-10 468264]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "amd_dc_opt "= "c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "hpqSRMon "= "c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    c:\users\Lovaflex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):0f,75,c2,a3,d7,e4,c9,01

    R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [27/09/2008 09:47 15416]
    R0 xbpublic;FSE File System Filter Driver;c:\windows\System32\drivers\xbpublic.sys [16/09/2009 19:42 16768]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091111.001\IDSvix86.sys [13/11/2009 22:25 272432]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe [22/04/2009 21:47 77824]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
    R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 23:24 24880]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 19:37 149352]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [21/05/2008 18:40 341328]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 15:28 1533808]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/05/2008 17:28 193840]
    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04/09/2008 17:47 54784]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 00:17 102448]
    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [17/04/2009 08:48 114528]
    R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 11:31 41008]
    S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [13/01/2008 02:32 23888]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-10 c:\windows\Tasks\HPCeeScheduleForLovaflex.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-21 22:14]

    2009-11-20 c:\windows\Tasks\User_Feed_Synchronization-{366F138D-F07A-4C73-8DE1-09F1FC6E4567}.job
    - c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.forex-finance-trading.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
    AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-20 13:02
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll Amddfltr.sys >>UNKNOWN [0x86479170]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x807a4d24
    \Driver\ACPI -> acpi.sys @ 0x80612d68
    \Driver\atapi -> ataport.SYS @ 0x826bba2c
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2876232168-1077061575-3994848077-1000\Software\SecuROM\License information*]
    "datasecu "=hex:e4,3b,65,c5,8f,67,68,06,ac,48,85,61,b9,b3,c5,7b,26,cd,ec,c3,4a,
    8f,a2,73,66,05,c2,85,cc,24,7c,5c,45,9b,b6,67,e2,98,98,ef,e5,e8,e9,2a,ff,0a,\
    "rkeysecu "=hex:ce,bc,ff,c1,ca,f6,0b,ad,11,39,34,99,5c,71,8b,e0

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4864)
    c:\windows\System32\NLSData0009.dll
    .
    Completion time: 2009-11-20 13:13
    ComboFix-quarantined-files.txt 2009-11-20 13:12

    Pre-Run: 76,203,823,104 bytes free
    Post-Run: 76,139,040,768 bytes free

    - - End Of File - - 7101D729D3998AAB173F2E752BA3FE76
     
  13. 2009/11/20
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi

    Please do the following.

    Upload a File to Virustotal
    Please visit Virustotal
    • Click the Browse... button
    • Navigate to the file c:\users\Lovaflex\AppData\Local\Cbavuyiwifapoy.dat
    • Click the Open button
    • Click the Send button
    • Copy and paste the results back here please.


    Download GMER to your DeskTop.

    Right click and extract it to its own folder on the desktop.

    Open the program and click on the Rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
    Click on Scan.
    When the scan has completed, click Copy and paste the results (if any) into this topic.

    Please post both reports.

    Thanks
    Geri
     
  14. 2009/11/20
    Brugutu

    Brugutu Inactive Thread Starter

    When I used Virus Total these were the results
    MD5: 8efeabdeec3de81c3dc42a2801ddf461
    First received: 2009.08.29 15:56:28 UTC
    Date: 2009.11.19 22:26:42 UTC [+1D]
    Results: 0/41
    Permalink: analisis/643f2d4a4311c9af9f31a361a0e827c1aaa6520328d1374e2ee4a65e6e9a2a37-1258669602

    And when I used the GMER, these were the results produced
    GMER 1.0.15.15227 - http://www.gmer.net
    Rootkit quick scan 2009-11-21 04:27:55
    Windows 6.0.6002 Service Pack 2
    Running: gmer.exe; Driver: C:\Users\Lovaflex\AppData\Local\Temp\kwrdrkow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs xbpublic.sys (DoGoodSoft File System Filter Driver/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat xbpublic.sys (DoGoodSoft File System Filter Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
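The VirusTotal result quoted in the post above identifies the sample twice: by the MD5 line and by the permalink. The following is an added example, not part of the original thread, that checks whether a file on disk is the one a pasted report describes. It assumes the permalink's 64-character hex field is the sample's SHA-256 and the trailing number is the analysis time in Unix seconds; the function names and the constructed sample bytes are hypothetical.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

# Values copied from the VirusTotal result pasted in the post above.
REPORT_MD5 = "8efeabdeec3de81c3dc42a2801ddf461"
REPORT_PERMALINK = ("analisis/643f2d4a4311c9af9f31a361a0e827c1"
                    "aaa6520328d1374e2ee4a65e6e9a2a37-1258669602")

# Assumed layout: analisis/<sha256 of sample>-<analysis time, Unix seconds>
_PERMALINK_RE = re.compile(r"analisis/([0-9a-fA-F]{64})-(\d{9,10})\s*$")


def parse_permalink(permalink):
    """Return (sha256_hex, analysis_time_utc) from a pasted permalink."""
    match = _PERMALINK_RE.search(permalink)
    if not match:
        raise ValueError("unrecognised permalink format")
    analysed = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1).lower(), analysed


def hash_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large samples are not read into memory at once."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def compare_with_report(path, report_md5, permalink):
    """Compare a local file with the hashes named in a pasted report.

    status is "match" only when both hashes agree, "mismatch" when either
    differs, and "missing" when the file is no longer on disk (for example
    after a cleanup tool has deleted or quarantined it).
    """
    report_sha256, analysed = parse_permalink(permalink)
    result = {"analysed_utc": analysed, "report_sha256": report_sha256}
    if not os.path.isfile(path):
        result["status"] = "missing"
        return result
    local_md5, local_sha256 = hash_file(path)
    same = (local_md5 == report_md5.strip().lower()
            and local_sha256 == report_sha256)
    result.update(status="match" if same else "mismatch",
                  local_md5=local_md5, local_sha256=local_sha256)
    return result


def demo():
    """Run the comparison on a constructed file (not the sample from the thread)."""
    constructed = b"constructed sample bytes, not the file from the thread\n"
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "sample.dat")
        with open(path, "wb") as handle:
            handle.write(constructed)
        # 1. Against the report from the post: a different file, so no match.
        against_post = compare_with_report(path, REPORT_MD5, REPORT_PERMALINK)
        # 2. Against a report built from this file's own hashes: a match.
        md5_hex, sha256_hex = hash_file(path)
        own_link = "analisis/%s-1258669602" % sha256_hex
        against_own = compare_with_report(path, md5_hex, own_link)
        # 3. A path that no longer exists.
        gone = compare_with_report(os.path.join(folder, "deleted.dat"),
                                   REPORT_MD5, REPORT_PERMALINK)
    return against_post, against_own, gone


if __name__ == "__main__":
    for outcome in demo():
        print(outcome["status"], outcome["analysed_utc"].isoformat())
```

Decoding the permalink suffix gives the same instant as the "Date:" line in the pasted result, which is a quick way to confirm that a permalink and a copied result block belong to the same analysis.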
     
  15. 2009/11/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    Please do the following.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Code:
    KillAll::
    File::
    c:\users\Lovaflex\AppData\Local\Ymayehizajifoh.bin
    c:\users\Lovaflex\AppData\Local\Cbavuyiwifapoy.dat
    Folder::
    c:\users\Lovaflex\AppData\Local\{92AC0A86-13B5-4FBE-8C7A-D4A33653C33E}
    
    Please post the Combofix log.

    Are you still being redirected?

    Geri
     
  16. 2009/11/21
    Brugutu

    Brugutu Inactive Thread Starter

    Yes, I am still being directed. This is the log that was produced:
    ComboFix 09-11-19.05 - Lovaflex 21/11/2009 17:38.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1933 [GMT 0:00]
    Running from: c:\users\Lovaflex\Desktop\ComboFix.exe
    Command switches used :: c:\users\Lovaflex\Desktop\CFScript.txt
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\users\Lovaflex\AppData\Local\Cbavuyiwifapoy.dat "
    "c:\users\Lovaflex\AppData\Local\Ymayehizajifoh.bin "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Lovaflex\AppData\Local\{92AC0A86-13B5-4FBE-8C7A-D4A33653C33E}
    c:\users\Lovaflex\AppData\Local\{92AC0A86-13B5-4FBE-8C7A-D4A33653C33E}\chrome.manifest
    c:\users\Lovaflex\AppData\Local\{92AC0A86-13B5-4FBE-8C7A-D4A33653C33E}\chrome\content\_cfg.js
    c:\users\Lovaflex\AppData\Local\{92AC0A86-13B5-4FBE-8C7A-D4A33653C33E}\chrome\content\overlay.xul
    c:\users\Lovaflex\AppData\Local\{92AC0A86-13B5-4FBE-8C7A-D4A33653C33E}\install.rdf
    c:\users\Lovaflex\AppData\Local\Cbavuyiwifapoy.dat
    c:\users\Lovaflex\AppData\Local\Ymayehizajifoh.bin

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
    .

    2009-11-21 17:51 . 2009-11-21 17:56 -------- d-----w- c:\users\Lovaflex\AppData\Local\temp
    2009-11-21 17:51 . 2009-11-21 17:51 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-11-21 17:51 . 2009-11-21 17:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-11-21 17:36 . 2006-11-02 09:50 41576 ----a-w- c:\windows\system32\drivers\iirsp.sys
    2009-11-21 17:36 . 2008-01-21 02:23 235064 ----a-w- c:\windows\system32\drivers\iastorv.sys
    2009-11-21 17:36 . 2008-01-21 02:23 30264 ----a-w- c:\windows\system32\drivers\i2omp.sys
    2009-11-21 17:36 . 2008-01-21 02:23 40504 ----a-w- c:\windows\system32\drivers\hpcisss.sys
    2009-11-21 17:36 . 2008-01-21 02:23 342584 ----a-w- c:\windows\system32\drivers\elxstor.sys
    2009-11-21 17:36 . 2009-04-11 06:32 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
    2009-11-21 17:36 . 2008-01-21 02:23 79928 ----a-w- c:\windows\system32\drivers\arcsas.sys
    2009-11-21 17:36 . 2008-01-21 02:23 79416 ----a-w- c:\windows\system32\drivers\arc.sys
    2009-11-21 17:36 . 2006-11-02 09:50 71272 ----a-w- c:\windows\system32\drivers\djsvs.sys
    2009-11-21 17:36 . 2008-01-21 02:23 149560 ----a-w- c:\windows\system32\drivers\adpu320.sys
    2009-11-21 17:36 . 2008-01-21 02:23 101432 ----a-w- c:\windows\system32\drivers\adpu160m.sys
    2009-11-21 17:36 . 2008-01-21 02:23 300600 ----a-w- c:\windows\system32\drivers\adpahci.sys
    2009-11-21 17:36 . 2008-01-21 02:23 422968 ----a-w- c:\windows\system32\drivers\adp94xx.sys
    2009-11-21 11:24 . 2009-10-02 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.050\ECMSVR32.DLL
    2009-11-21 11:24 . 2009-09-17 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.050\NAVENG.SYS
    2009-11-21 11:24 . 2009-09-17 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.050\EECTRL.SYS
    2009-11-21 11:24 . 2009-09-17 08:00 2747952 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.050\CCERASER.DLL
    2009-11-21 11:24 . 2009-09-17 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.050\NAVENG32.DLL
    2009-11-21 11:24 . 2009-09-17 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.050\NAVEX32A.DLL
    2009-11-21 11:24 . 2009-09-17 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.050\NAVEX15.SYS
    2009-11-21 11:24 . 2009-09-17 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.050\ERASER.SYS
    2009-11-21 03:14 . 2009-10-02 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.025\ECMSVR32.DLL
    2009-11-21 03:14 . 2009-09-17 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.025\NAVENG.SYS
    2009-11-21 03:14 . 2009-09-17 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.025\EECTRL.SYS
    2009-11-21 03:14 . 2009-09-17 08:00 2747952 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.025\CCERASER.DLL
    2009-11-21 03:14 . 2009-09-17 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.025\NAVENG32.DLL
    2009-11-21 03:14 . 2009-09-17 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.025\NAVEX32A.DLL
    2009-11-21 03:14 . 2009-09-17 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.025\NAVEX15.SYS
    2009-11-21 03:14 . 2009-09-17 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20091120.025\ERASER.SYS
    2009-11-20 20:27 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-11-20 20:27 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-11-19 07:43 . 2009-11-19 07:43 -------- d-----w- C:\!KillBox
    2009-11-19 07:13 . 2009-11-19 07:13 -------- d-----w- C:\fixwareout
    2009-11-18 15:56 . 2009-11-19 20:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-11-18 15:56 . 2009-11-19 19:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-18 15:20 . 2009-11-18 15:21 -------- d-----w- c:\program files\trend micro
    2009-11-18 15:20 . 2009-11-18 15:21 -------- d-----w- C:\rsit
    2009-11-18 14:33 . 2009-11-18 14:33 471664 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6A39.tmp.exe
    2009-11-18 14:01 . 2009-11-18 14:01 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-18 13:36 . 2009-11-18 13:36 -------- d-----w- C:\ATI
    2009-11-17 17:02 . 2009-11-17 17:02 -------- d-----w- c:\programdata\HP Product Assistant
    2009-11-17 16:59 . 2009-11-17 17:03 77354 ----a-w- c:\windows\hpqins05.dat
    2009-11-13 22:25 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\Scxpx86.dll
    2009-11-13 22:25 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\IDSvix86.sys
    2009-11-13 22:25 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\SymIDSco.sys
    2009-11-13 22:25 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\IDSxpx86.dll
    2009-11-13 22:25 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\SymIDSI.dll
    2009-11-13 22:25 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\IDSviA64.sys
    2009-11-13 22:25 . 2009-01-02 22:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091111.001\IDS9xx86.dll
    2009-11-12 13:42 . 2009-11-12 13:42 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
    2009-11-12 02:23 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
    2009-11-12 02:22 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-11 18:43 . 2009-11-11 18:43 -------- d-----w- c:\users\Lovaflex\AppData\Local\HP
    2009-11-10 22:36 . 2009-11-10 22:36 -------- d-----w- c:\program files\Windows Portable Devices
    2009-11-10 21:49 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2009-11-10 21:49 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2009-11-10 21:49 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2009-11-10 21:46 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2009-11-10 21:46 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2009-11-10 21:46 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2009-11-10 20:05 . 2009-03-06 17:25 439672 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\Scxpx86.dll
    2009-11-10 20:05 . 2009-02-09 22:59 272432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\IDSvix86.sys
    2009-11-10 20:05 . 2009-02-09 22:59 251768 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\SymIDSco.sys
    2009-11-10 20:05 . 2009-02-09 22:59 685432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\IDSxpx86.dll
    2009-11-10 20:05 . 2009-02-09 22:59 173432 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\SymIDSI.dll
    2009-11-10 20:05 . 2009-02-09 22:59 370224 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\IDSviA64.sys
    2009-11-10 20:05 . 2009-01-02 22:18 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\ipsdefs\20091106.003\IDS9xx86.dll
    2009-11-08 20:07 . 2009-11-08 20:07 -------- d-----w- c:\users\Lovaflex\Incomplete
    2009-11-06 10:59 . 2009-11-06 10:59 15406728 ----a-w- c:\windows\system32\xlive.dll
    2009-11-06 10:59 . 2009-11-06 10:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-11-05 19:44 . 2009-11-05 19:44 -------- d-----w- c:\users\Lovaflex\AppData\Roaming\Malwarebytes
    2009-11-05 19:44 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-05 19:44 . 2009-11-05 19:44 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-05 19:44 . 2009-11-05 19:44 -------- d-----w- c:\programdata\Malwarebytes
    2009-11-05 19:44 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-02 18:05 . 2009-11-02 18:05 167064 ----a-w- c:\windows\system32\xliveinstall.dll
    2009-11-02 18:05 . 2009-11-02 18:05 71832 ----a-w- c:\windows\system32\xliveinstallhost.exe
    2009-10-31 14:54 . 2009-10-31 14:54 -------- d-----w- c:\program files\iPod
    2009-10-31 14:54 . 2009-10-31 14:55 4096 d-----w- c:\program files\iTunes
    2009-10-31 14:48 . 2009-10-31 14:48 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-10-28 03:34 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-10-28 03:34 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-10-27 05:54 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-10-27 05:54 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
    2009-10-27 05:54 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-10-27 05:54 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
    2009-10-27 05:53 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
    2009-10-27 05:53 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-10-27 05:53 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
    2009-10-27 05:53 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
    2009-10-27 05:53 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
    2009-10-23 18:55 . 2009-10-23 18:55 -------- d-----w- c:\program files\Conduit
    2009-10-23 18:55 . 2009-10-23 18:55 4096 d-----w- c:\program files\Softonic-Eng7
    2009-10-23 06:53 . 2009-10-23 06:53 -------- d-----w- c:\windows\system32\URTTEMP

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-21 17:31 . 2009-02-24 19:51 4096 d-----w- c:\users\Lovaflex\AppData\Roaming\Skype
    2009-11-21 16:04 . 2009-02-24 19:55 8192 d-----w- c:\users\Lovaflex\AppData\Roaming\skypePM
    2009-11-19 18:32 . 2008-09-27 09:36 -------- d-----w- c:\program files\ATI
    2009-11-17 20:26 . 2009-09-20 06:12 4096 d-----w- c:\programdata\HP
    2009-11-17 20:25 . 2009-02-07 10:12 77768 ----a-w- c:\users\Lovaflex\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-11-17 08:02 . 2008-05-21 18:45 4096 d-----w- c:\program files\Java
    2009-11-12 13:44 . 2009-03-14 15:51 8192 d-----w- c:\program files\Safari
    2009-11-12 03:21 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
    2009-11-12 03:05 . 2008-05-21 18:20 8192 d-----w- c:\programdata\Microsoft Help
    2009-11-11 18:43 . 2009-09-20 06:31 -------- d-----w- c:\users\Lovaflex\AppData\Roaming\HP
    2009-11-10 22:45 . 2009-02-11 19:45 -------- d-----w- c:\program files\KONAMI
    2009-11-10 22:35 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-10 22:34 . 2009-11-10 22:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-10 21:56 . 2008-05-21 16:56 12288 d--h--w- c:\program files\InstallShield Installation Information
    2009-11-08 20:16 . 2009-06-06 15:33 8192 d-----w- c:\users\Lovaflex\AppData\Roaming\LimeWire
    2009-11-07 19:10 . 2009-02-11 15:01 8192 d-----w- c:\program files\DivX
    2009-11-07 19:10 . 2009-08-08 14:17 4096 d-----w- c:\program files\Common Files\DivX Shared
    2009-10-31 14:54 . 2009-02-07 11:04 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-21 04:37 . 2009-02-11 19:52 -------- d-----w- c:\programdata\KONAMI
    2009-10-13 11:19 . 2009-02-08 13:45 4096 d-----w- c:\program files\Windows Live
    2009-10-13 11:17 . 2009-10-13 11:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-10-13 11:16 . 2009-02-08 13:45 -------- d-----w- c:\program files\Microsoft
    2009-10-11 04:17 . 2009-03-15 20:25 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-10 14:36 . 2009-02-15 23:24 680 ----a-w- c:\users\Lovaflex\AppData\Local\d3d9caps.dat
    2009-10-06 12:58 . 2009-10-06 12:55 161292 ----a-w- c:\windows\hpqins00.dat
    2009-10-04 17:33 . 2009-10-04 17:32 -------- d-----w- c:\program files\CCleaner
    2009-10-04 17:33 . 2009-10-04 17:32 -------- d-----w- c:\program files\Yahoo!
    2009-10-04 17:32 . 2009-10-04 17:32 -------- d-----w- c:\users\Lovaflex\AppData\Roaming\Yahoo!
    2009-10-04 17:32 . 2009-10-04 17:32 -------- d-----w- c:\programdata\Yahoo! Companion
    2009-10-04 14:18 . 2009-10-04 14:18 -------- d-----w- c:\users\Lovaflex\AppData\Roaming\Template
    2009-10-04 14:18 . 2009-10-04 14:18 0 ----a-w- c:\users\Lovaflex\AppData\Roaming\wklnhst.dat
    2009-10-03 10:09 . 2009-10-03 10:09 -------- d-----w- c:\programdata\Office Genuine Advantage
    2009-10-03 05:30 . 2009-02-07 11:04 -------- d-----w- c:\programdata\Apple Computer
    2009-10-01 18:31 . 2009-10-01 18:31 533 ----a-w- c:\windows\eReg.dat
    2009-10-01 01:02 . 2009-11-10 21:48 2537472 ----a-w- c:\windows\system32\wpdshext.dll
    2009-10-01 01:02 . 2009-11-10 21:48 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
    2009-10-01 01:02 . 2009-11-10 21:48 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2009-10-01 01:02 . 2009-11-10 21:48 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
    2009-10-01 01:02 . 2009-11-10 21:48 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
    2009-10-01 01:01 . 2009-11-10 21:48 546816 ----a-w- c:\windows\system32\wpd_ci.dll
    2009-10-01 01:01 . 2009-11-10 21:48 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
    2009-10-01 01:01 . 2009-11-10 21:48 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
    2009-10-01 01:01 . 2009-11-10 21:48 350208 ----a-w- c:\windows\system32\WPDSp.dll
    2009-10-01 01:01 . 2009-11-10 21:48 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
    2009-10-01 01:01 . 2009-11-10 21:48 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
    2009-10-01 01:01 . 2009-11-10 21:48 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2009-09-30 14:31 . 2009-09-30 14:31 103440 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
    2009-09-30 13:58 . 2008-02-18 19:38 9576 ----a-w- c:\programdata\Symantec\LiveUpdate\LuRegManifests\Static\CCMSLLUM.DLL
    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-09-25 16:41 . 2009-09-25 16:41 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-09-25 16:41 . 2009-09-25 16:41 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-09-25 16:41 . 2009-09-25 16:41 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-09-25 16:41 . 2009-09-25 16:41 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-09-25 16:41 . 2009-09-25 16:41 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-09-25 02:10 . 2009-11-10 21:48 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2009-09-25 02:07 . 2009-11-10 21:48 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2009-09-25 02:04 . 2009-11-10 21:48 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2009-09-25 01:49 . 2009-11-10 21:48 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2009-09-25 01:48 . 2009-11-10 21:48 351232 ----a-w- c:\windows\system32\XpsPrint.dll
    2009-09-25 01:38 . 2009-11-10 21:48 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2009-09-25 01:36 . 2009-11-10 21:48 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2009-09-25 01:35 . 2009-11-10 21:48 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2009-09-25 01:33 . 2009-11-10 21:48 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2009-09-25 01:33 . 2009-11-10 21:48 829440 ----a-w- c:\windows\system32\d3d10warp.dll
    2009-09-25 01:33 . 2009-11-10 21:48 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2009-09-25 01:32 . 2009-11-10 21:48 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2009-09-25 01:31 . 2009-11-10 21:48 519680 ----a-w- c:\windows\system32\d3d11.dll
    2009-09-25 01:31 . 2009-11-10 21:48 486912 ----a-w- c:\windows\system32\d3d10level9.dll
    2009-09-25 01:31 . 2009-11-10 21:48 161280 ----a-w- c:\windows\system32\d3d10_1.dll
    2009-09-25 01:31 . 2009-11-10 21:48 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
    2009-09-25 01:31 . 2009-11-10 21:48 1030144 ----a-w- c:\windows\system32\d3d10.dll
    2009-09-25 01:31 . 2009-11-10 21:48 828928 ----a-w- c:\windows\system32\d2d1.dll
    2009-09-25 01:30 . 2009-11-10 21:48 481792 ----a-w- c:\windows\system32\dxgi.dll
    2009-09-25 01:30 . 2009-11-10 21:48 190464 ----a-w- c:\windows\system32\d3d10core.dll
    2009-09-25 01:27 . 2009-11-10 21:48 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-09-25 01:27 . 2009-11-10 21:48 37888 ----a-w- c:\windows\system32\cdd.dll
    2009-09-25 01:27 . 2009-11-10 21:48 793088 ----a-w- c:\windows\system32\FntCache.dll
    2009-09-25 01:27 . 2009-11-10 21:48 1064448 ----a-w- c:\windows\system32\DWrite.dll
    2009-09-24 22:54 . 2009-11-10 21:48 258048 ----a-w- c:\windows\system32\winspool.drv
    2009-09-24 22:54 . 2009-11-10 21:48 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2009-09-24 22:54 . 2009-11-10 21:48 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2009-09-20 06:38 . 2009-09-20 06:12 160621 ----a-w- c:\windows\hpoins28.dat
    2009-09-17 08:58 . 2009-09-16 19:42 260 ----a-w- c:\windows\system32\FSEPath.dat
    2009-09-17 08:00 . 2009-09-17 08:00 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG.SYS
    2009-09-17 08:00 . 2009-09-17 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\EECTRL.SYS
    2009-09-17 08:00 . 2009-09-17 08:00 2747952 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\CCERASER.DLL
    2009-09-17 08:00 . 2009-09-17 08:00 259440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ECMSVR32.DLL
    2009-09-17 08:00 . 2009-09-17 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVENG32.DLL
    2009-09-17 08:00 . 2009-09-17 08:00 1647984 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX32A.DLL
    2009-09-17 08:00 . 2009-09-17 08:00 1323568 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\NAVEX15.SYS
    2009-09-17 08:00 . 2009-09-17 08:00 102448 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\BinHub\ERASER.SYS
    2009-09-15 17:10 . 2009-09-15 17:10 10134 ----a-r- c:\users\Lovaflex\AppData\Roaming\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
    2009-09-14 09:29 . 2009-10-14 20:20 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-09-10 16:48 . 2009-10-14 20:21 218624 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 10:48 . 2009-10-06 18:41 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe
    2009-09-10 10:48 . 2009-10-06 18:41 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll
    2009-09-10 10:48 . 2009-10-06 18:41 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL
    2009-09-07 15:29 . 2009-09-07 15:29 4455865 ----a-w- c:\windows\system32\libavcodec.dll
    2009-09-06 14:52 . 2009-09-06 14:52 828611 ----a-w- c:\windows\system32\ff_x264.dll
    2009-09-06 07:00 . 2009-02-08 13:38 1707128 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en\Installers\SetupGamesClient.exe
    2009-03-14 13:20 . 2009-03-14 13:20 22 --sha-w- c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-11-20_13.02.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2009-11-21 17:56 67816 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-02-07 10:02 . 2009-11-21 12:44 14310 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2876232168-1077061575-3994848077-1000_UserData.bin
    - 2009-11-20 12:42 . 2006-11-02 09:50 98408 c:\windows\System32\drivers\ulsata.sys
    + 2009-11-21 17:37 . 2006-11-02 09:50 98408 c:\windows\System32\drivers\ulsata.sys
    - 2009-11-20 12:41 . 2006-11-02 09:50 35944 c:\windows\System32\drivers\symc8xx.sys
    + 2009-11-21 17:37 . 2006-11-02 09:50 35944 c:\windows\System32\drivers\symc8xx.sys
    + 2009-11-21 17:37 . 2006-11-02 09:50 34920 c:\windows\System32\drivers\sym_u3.sys
    - 2009-11-20 12:42 . 2006-11-02 09:50 34920 c:\windows\System32\drivers\sym_u3.sys
    + 2009-11-21 17:37 . 2006-11-02 09:49 31848 c:\windows\System32\drivers\sym_hi.sys
    - 2009-11-20 12:41 . 2006-11-02 09:49 31848 c:\windows\System32\drivers\sym_hi.sys
    - 2009-11-20 12:41 . 2008-01-21 02:23 74808 c:\windows\System32\drivers\sisraid4.sys
    + 2009-11-21 17:37 . 2008-01-21 02:23 74808 c:\windows\System32\drivers\sisraid4.sys
    + 2009-11-21 17:37 . 2008-01-21 02:23 41016 c:\windows\System32\drivers\sisraid2.sys
    - 2009-11-20 12:41 . 2008-01-21 02:23 41016 c:\windows\System32\drivers\sisraid2.sys
    + 2009-11-21 17:37 . 2008-01-21 02:23 45112 c:\windows\System32\drivers\nvstor.sys
    - 2009-11-20 12:41 . 2008-01-21 02:23 45112 c:\windows\System32\drivers\nvstor.sys
    + 2009-11-21 17:37 . 2006-11-02 09:50 45160 c:\windows\System32\drivers\nfrd960.sys
    - 2009-11-20 12:41 . 2006-11-02 09:50 45160 c:\windows\System32\drivers\nfrd960.sys
    + 2009-11-21 17:37 . 2008-01-21 02:23 28728 c:\windows\System32\drivers\msahci.sys
    - 2009-11-20 12:41 . 2008-01-21 02:23 28728 c:\windows\System32\drivers\msahci.sys
    - 2009-11-20 12:41 . 2006-11-02 09:49 33384 c:\windows\System32\drivers\mraid35x.sys
    + 2009-11-21 17:37 . 2006-11-02 09:49 33384 c:\windows\System32\drivers\mraid35x.sys
    + 2009-11-21 17:37 . 2008-01-21 02:23 31288 c:\windows\System32\drivers\megasas.sys
    - 2009-11-20 12:41 . 2008-01-21 02:23 31288 c:\windows\System32\drivers\megasas.sys
    - 2009-11-20 12:41 . 2008-01-21 02:23 96312 c:\windows\System32\drivers\lsi_scsi.sys
    + 2009-11-21 17:37 . 2008-01-21 02:23 96312 c:\windows\System32\drivers\lsi_scsi.sys
    + 2009-11-21 17:37 . 2008-01-21 02:23 89656 c:\windows\System32\drivers\lsi_sas.sys
    - 2009-11-20 12:41 . 2008-01-21 02:23 89656 c:\windows\System32\drivers\lsi_sas.sys
    + 2009-11-21 17:37 . 2008-01-21 02:23 96312 c:\windows\System32\drivers\lsi_fc.sys
    - 2009-11-20 12:41 . 2008-01-21 02:23 96312 c:\windows\System32\drivers\lsi_fc.sys
    + 2009-11-21 17:37 . 2006-11-02 09:50 35944 c:\windows\System32\drivers\iteraid.sys
    - 2009-11-20 12:41 . 2006-11-02 09:50 35944 c:\windows\System32\drivers\iteraid.sys
    - 2009-11-20 12:41 . 2006-11-02 09:50 35944 c:\windows\System32\drivers\iteatapi.sys
    + 2009-11-21 17:37 . 2006-11-02 09:50 35944 c:\windows\System32\drivers\iteatapi.sys
    - 2008-09-27 09:30 . 2009-11-20 12:28 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-09-27 09:30 . 2009-11-21 17:53 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-09-27 09:30 . 2009-11-20 12:28 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-09-27 09:30 . 2009-11-21 17:53 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-09-27 09:30 . 2009-11-20 12:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-09-27 09:30 . 2009-11-21 17:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-20 12:28 . 2009-11-20 12:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2009-11-21 17:53 . 2009-11-21 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2009-11-20 12:28 . 2009-11-20 12:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-11-21 17:53 . 2009-11-21 17:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 13:05 . 2009-11-21 17:57 112374 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 10:33 . 2009-11-21 18:01 609146 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-11-20 12:36 609146 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-11-21 18:01 109878 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-11-20 12:36 109878 c:\windows\System32\perfc009.dat
    - 2009-11-20 12:42 . 2008-01-21 02:23 115816 c:\windows\System32\drivers\ulsata2.sys
    + 2009-11-21 17:37 . 2008-01-21 02:23 115816 c:\windows\System32\drivers\ulsata2.sys
    - 2009-11-20 12:42 . 2008-01-21 02:23 238648 c:\windows\System32\drivers\uliahci.sys
    + 2009-11-21 17:37 . 2008-01-21 02:23 238648 c:\windows\System32\drivers\uliahci.sys
    - 2009-11-20 12:41 . 2006-11-02 09:50 106088 c:\windows\System32\drivers\ql40xx.sys
    + 2009-11-21 17:37 . 2006-11-02 09:50 106088 c:\windows\System32\drivers\ql40xx.sys
    - 2009-11-20 12:41 . 2008-01-21 02:23 386616 c:\windows\System32\drivers\megasr.sys
    + 2009-11-21 17:37 . 2008-01-21 02:23 386616 c:\windows\System32\drivers\megasr.sys
    - 2009-04-28 21:14 . 2009-11-20 12:28 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-04-28 21:14 . 2009-11-21 17:53 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-11-20 20:26 . 2009-11-20 20:26 847872 c:\windows\Installer\551ad6.msi
    + 2009-11-20 20:25 . 2009-11-20 20:25 752128 c:\windows\Installer\551a8d.msi
    + 2009-11-21 17:37 . 2008-01-21 02:23 1122360 c:\windows\System32\drivers\ql2300.sys
    - 2009-11-20 12:41 . 2008-01-21 02:23 1122360 c:\windows\System32\drivers\ql2300.sys
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} "= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
    2009-09-23 10:50 2261016 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} "= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} "= "c:\program files\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]

    [HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "LightScribe Control Panel "= "c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-01-27 2387968]
    "msnmsgr "= "c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-09 39408]
    "ehTray.exe "= "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Skype "= "c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
    "WMPNSCFG "= "c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "Windows Defender "= "c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "QlbCtrl.exe "= "c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
    "OnScreenDisplay "= "c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "hpWirelessAssistant "= "c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
    "osCheck "= "c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "HP Health Check Scheduler "= "c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
    "SysTrayApp "= "c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
    "QPService "= "c:\program files\HP\QuickPlay\QPService.exe" [2009-03-10 468264]
    "UCam_Menu "= "c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
    "amd_dc_opt "= "c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "hpqSRMon "= "c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    c:\users\Lovaflex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2 "=hex(b):0f,75,c2,a3,d7,e4,c9,01

    R0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\System32\drivers\Amddfltr.sys [27/09/2008 09:47 15416]
    R0 xbpublic;FSE File System Filter Driver;c:\windows\System32\drivers\xbpublic.sys [16/09/2009 19:42 16768]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20091111.001\IDSvix86.sys [13/11/2009 22:25 272432]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe [22/04/2009 21:47 77824]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 02:23 21504]
    R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 23:24 24880]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 19:37 149352]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [21/05/2008 18:40 341328]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 15:28 1533808]
    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04/09/2008 17:47 54784]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/08/2009 00:17 102448]
    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [17/04/2009 08:48 114528]
    R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 11:31 41008]
    S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [13/01/2008 02:32 23888]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21/05/2008 17:28 193840]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - COMHOST

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-10 c:\windows\Tasks\HPCeeScheduleForLovaflex.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-05-21 22:14]

    2009-11-21 c:\windows\Tasks\User_Feed_Synchronization-{366F138D-F07A-4C73-8DE1-09F1FC6E4567}.job
    - c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]
    .
    .
    ------- Supplementary Scan -------
    .
    uDefault_Search_URL = hxxp://www.forex-finance-trading.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-21 17:55
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll Amddfltr.sys >>UNKNOWN [0x8647D170]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x8079ad24
    \Driver\ACPI -> acpi.sys @ 0x80608d68
    \Driver\atapi -> ataport.SYS @ 0x826b5a2c
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2876232168-1077061575-3994848077-1000\Software\SecuROM\License information*]
    "datasecu "=hex:e4,3b,65,c5,8f,67,68,06,ac,48,85,61,b9,b3,c5,7b,26,cd,ec,c3,4a,
    8f,a2,73,66,05,c2,85,cc,24,7c,5c,45,9b,b6,67,e2,98,98,ef,e5,e8,e9,2a,ff,0a,\
    "rkeysecu "=hex:ce,bc,ff,c1,ca,f6,0b,ad,11,39,34,99,5c,71,8b,e0

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\windows\system32\wermgr.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
    c:\program files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
    c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
    c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
    c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
    c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-21 18:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-21 18:12
    ComboFix2.txt 2009-11-20 13:13

    Pre-Run: 73,386,512,384 bytes free
    Post-Run: 73,350,963,200 bytes free

    - - End Of File - - 8D831406748839BA30726EB1678E0266
     
  17. 2009/11/22
    Geri Lifetime Subscription

    Hi
    OK please do this.


    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Read then Click Accept on the Information page.
    Windows Vista users, you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  18. 2009/11/23
    Brugutu

    When I scanned it with Kaspersky WebScanner, no results were produced, because it didn't detect any infections....
     
  19. 2009/11/23
    Geri Lifetime Subscription

    Hi
    OK, well I'm not seeing anything either.

    Did you install all of these? And do you use them all?
    AOL Toolbar
    Google Toolbar
    SingleInstance Class - Yahoo! Toolbar
    Softonic-Eng7 Toolbar


    Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

    Thanks
    Geri
     
  20. 2009/11/24
    Brugutu

    Brugutu Inactive Thread Starter

    Joined:
    2009/11/19
    Messages:
    20
    Likes Received:
    0
    I don't use all these toolbars. I use Safari. But because I had Internet Explorer, I was told to update my Internet Explorer, so I did.
     
  21. 2009/11/24
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    So is it Safari that is being redirected? Or IE?

    OK, let's remove all the ones you don't use.

    Please go to Start > Control Panel > Add/Remove Programs (Windows Vista it’s Programs and Features) and remove the following (if present):


    AOL Toolbar 5.0
    Google Toolbar for Internet Explorer
    Hijackthis 1.99.1 << This is an old version
    Java(TM) 6 Update 5 << This is outdated
    Softonic-Eng7 Toolbar <<Not sure if this is for work? Only remove if you don't use it.
    Yahoo! Toolbar


    After doing the above please download this Hijackthis version and post a log.

    Download a copy of HijackThis installer from here and save it to your Desktop.

    1. Save HJTInstall.exe to your desktop.
    2. Double-click on the HJTInstall.exe icon on your desktop.
      (Let it install to the default location C:\Program Files\Hijackthis)
    3. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    4. Put a check by Create a desktop icon and then click Next again.
    5. Continue to follow the rest of the prompts from there.
    6. At the final dialogue box click Finish and it will launch HijackThis.
    7. Click on the Do a system scan and save a log file button.
      (It will scan and the log should open in Notepad.)
    8. Click on "Edit" > "Select All" to highlight the entire Notepad contents.
    9. Then click on "Edit" > "Copy".
    10. Come back here to this thread and Paste the log in your next reply.
      (Right-click in the message body field and select "Paste".)

    Thanks
    Geri
     
