
Active Internet Explorer redirects me to a different website

Discussion in 'Malware and Virus Removal Archive' started by Brugutu, 2009/11/19.

  1. 2009/11/25
    Brugutu

    Brugutu Inactive Thread Starter

    Joined:
    2009/11/19
    Messages:
    20
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:38:24, on 25/11/2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Users\Lovaflex\Downloads\Cryptload\CryptLoad.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Safari\Safari.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\trend micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.forex-finance-trading.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0 "
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe

    --
    End of file - 9917 bytes
     
  2. 2009/11/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Reboot your computer.

    So is it Safari that is being redirected, or IE?

    Geri
     


  4. 2009/11/26
    Brugutu

    Brugutu Inactive Thread Starter

    It still hasn't stopped. Both Internet Explorer and Safari keep redirecting
    me to different sites...
     
  5. 2009/11/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK, I see you have MBAM. Please run it this way.


    • Launch Malwarebytes' Anti-Malware,
    • Click on the "Update" tab then click on "Update". It will download and install the latest version.
    • Once the program has loaded, select 'Perform Full scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Thanks
    Geri
     
  6. 2009/11/28
    Brugutu

    Brugutu Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.41
    Database version: 3245
    Windows 6.0.6002 Service Pack 2

    28/11/2009 01:50:55
    mbam-log-2009-11-28 (01-50-55).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 362993
    Time elapsed: 1 hour(s), 29 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  7. 2009/11/28
    Geri Lifetime Subscription

    Geri Inactive Alumni

    • Please download OTL
    • OTL
    • Save it to your desktop.
    • Double click on the icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Push the scan button.
    • Two reports will open, copy and paste them in a reply here

    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

    Geri
     
  8. 2009/11/28
    Brugutu

    Brugutu Inactive Thread Starter

    OTL Extras logfile created on: 28/11/2009 18:21:54 - Run 1
    OTL by OldTimer - Version 3.1.11.2 Folder = C:\Users\Lovaflex\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18828)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 85.06% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.54 Gb Total Space | 59.47 Gb Free Space | 26.60% Space Free | Partition Type: NTFS
    Drive D: | 9.34 Gb Total Space | 1.68 Gb Free Space | 18.00% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LOVAFLEX-PC
    Current User Name: Lovaflex
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{6D12C098-5774-4000-BEE1-7C879C2243E4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D3E76D11-DAD7-4068-80A7-49E05131B17C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06E6BC27-C162-4245-9223-5A280FBEB9AC}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{3DFFE3E2-24BF-4B3B-B8C8-842B8CD287A9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{4B3EB26E-C61B-4D4E-B124-11FA1FA7A623}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{59BA045B-A58E-426B-B6B6-67D2DACE8C54}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{5C4840CA-0132-45D8-99D5-6C02AEC92D1D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{7E02B96C-E4BF-4C63-87FE-5FE71CDF8388}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{7ED50D93-706F-4B91-B308-35FD5884EB92}" = protocol=6 | dir=in | app=c:\program files\capcom\streetfighteriv\streetfighteriv.exe |
    "{7F155EA3-F419-4B1D-B90C-DE2763817FE0}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
    "{7F266B5A-22DB-44E6-900F-29C73F2899AA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
    "{80B397E5-9F9C-49F0-8CD8-4BE04441652B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{8135F348-EC75-435B-A22F-9D79F547B919}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{87A0429F-AC42-47C8-9223-922991F32DF1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{88244750-61A0-4014-A9DF-7B3B85492005}" = protocol=17 | dir=in | app=c:\program files\capcom\streetfighteriv\streetfighteriv.exe |
    "{944CBA21-B54A-4D34-8885-307B8914080C}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{A091BCA6-D25C-4FBB-A07D-96B49E443EA6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{AF248D4C-C934-4AFC-9E70-3A1AA4659F01}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{B2A6B7ED-3176-4215-B953-1B1DA067EA62}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{C0B39B85-51B3-4077-B389-1B2FC314BCDE}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{F114D74C-51BB-4DBD-BCB2-98BCE3F5B4B6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{FD3EE777-F282-4481-BEFD-7ADF211A2621}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
    "{FEC5DF67-8975-4C70-AAAB-B87792FE20F0}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
    "{005A00DD-F955-CAF8-8DB4-C15C3A1E715F}" = Catalyst Control Center Graphics Previews Vista
    "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{0FD95BFA-44E8-4AD5-954E-3407ADD55B06}" = Readon TV Movie Radio Player 5.5.5.0
    "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
    "{150586B4-E85A-4B8B-4C60-CADA9121FA08}" = Catalyst Control Center Graphics Previews Common
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{25049BA9-E395-283F-8B6A-F2D78BC96BB5}" = Skins
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
    "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
    "{300FB2C5-1328-A7F1-DBB3-925452E7D763}" = Catalyst Control Center Graphics Light
    "{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
    "{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
    "{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
    "{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
    "{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
    "{58CAA96F-E8EC-539E-6C62-3E5519BCFA52}" = ccc-utility
    "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
    "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{65F878A3-0032-6276-7909-3FE5B451C966}" = Catalyst Control Center Graphics Full New
    "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A143F03-DFB2-4DE4-9332-8FB34E07281D}" = BTOffer
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95CA9A50-1416-4F24-98C6-F90DB07976FC}" = PowerArchiver 2010
    "{96BC4472-AB51-50BD-93D9-37B5CE88D3A2}" = Catalyst Control Center Core Implementation
    "{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis(TM) 2009
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
    "{A7D837CD-C485-B501-6033-993FC68335FC}" = CCC Help English
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB06254A-9A28-F8AD-236E-FB5C3108FE85}" = ATI Catalyst Install Manager
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
    "{B39B02E2-F711-BE47-E2D3-76F458F14CF6}" = Catalyst Control Center Graphics Full Existing
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor Platinum
    "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
    "{D286752E-1AE7-3FA1-1306-E6DC0C4F13BA}" = ccc-core-static
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F31E534B-4199-4552-8154-5C130710D68E}" = HP Total Care Advisor
    "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "CCleaner" = CCleaner (remove only)
    "Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Standard) 7.9.0
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
    "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NIS" = Norton Internet Security
    "P2PFilter" = P2PFilter 3.0.5
    "PunkBusterSvc" = PunkBuster Services
    "Shop for HP Supplies" = Shop for HP Supplies
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WildTangent hp Master Uninstall" = My HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/10/2009 15:23:05 | Computer Name = Lovaflex-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 13/10/2009 07:14:26 | Computer Name = Lovaflex-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 13/10/2009 07:14:30 | Computer Name = Lovaflex-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 13/10/2009 07:14:30 | Computer Name = Lovaflex-PC | Source = MsiInstaller | ID = 10005
    Description =

    Error - 13/10/2009 07:18:02 | Computer Name = Lovaflex-PC | Source = VSS | ID = 8194
    Description =

    Error - 13/10/2009 07:18:41 | Computer Name = Lovaflex-PC | Source = System Restore | ID = 8193
    Description =

    Error - 14/10/2009 13:13:36 | Computer Name = Lovaflex-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 14/10/2009 16:47:45 | Computer Name = Lovaflex-PC | Source = Windows Search Service | ID = 3006
    Description =

    Error - 14/10/2009 16:47:45 | Computer Name = Lovaflex-PC | Source = Windows Search Service | ID = 3007
    Description =

    Error - 14/10/2009 17:19:28 | Computer Name = Lovaflex-PC | Source = EventSystem | ID = 4621
    Description =

    [ OSession Events ]
    Error - 02/04/2009 19:56:35 | Computer Name = Lovaflex-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1647
    seconds with 1620 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 27/11/2009 20:52:31 | Computer Name = Lovaflex-PC | Source = bowser | ID = 8003
    Description =

    Error - 27/11/2009 21:28:34 | Computer Name = Lovaflex-PC | Source = bowser | ID = 8003
    Description =

    Error - 28/11/2009 05:59:21 | Computer Name = Lovaflex-PC | Source = DCOM | ID = 10010
    Description =

    Error - 28/11/2009 07:43:07 | Computer Name = Lovaflex-PC | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.28 for the Network Card with network
    address 00234E4A6CD8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 28/11/2009 08:01:22 | Computer Name = Lovaflex-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 28/11/2009 08:02:32 | Computer Name = Lovaflex-PC | Source = Service Control Manager | ID = 7022
    Description =

    Error - 28/11/2009 08:02:32 | Computer Name = Lovaflex-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 28/11/2009 08:05:02 | Computer Name = Lovaflex-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 28/11/2009 08:05:02 | Computer Name = Lovaflex-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 28/11/2009 14:09:49 | Computer Name = Lovaflex-PC | Source = bowser | ID = 8003
    Description =


    < End of report >
     
  9. 2009/11/28
    Brugutu

    OTL logfile created on: 28/11/2009 18:21:54 - Run 1
    OTL by OldTimer - Version 3.1.11.2 Folder = C:\Users\Lovaflex\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18828)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 85.06% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.54 Gb Total Space | 59.47 Gb Free Space | 26.60% Space Free | Partition Type: NTFS
    Drive D: | 9.34 Gb Total Space | 1.68 Gb Free Space | 18.00% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LOVAFLEX-PC
    Current User Name: Lovaflex
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2009/11/28 18:20:14 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Lovaflex\Desktop\OTL.exe
    PRC - [2009/11/23 21:31:27 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2009/11/05 21:14:44 | 01,794,848 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
    PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
    PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
    PRC - [2009/09/10 14:58:25 | 00,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
    PRC - [2009/08/22 07:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    PRC - [2009/08/22 07:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
    PRC - [2009/08/04 06:55:19 | 00,107,832 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
    PRC - [2009/07/26 15:44:34 | 00,113,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
    PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2009/05/21 18:57:00 | 00,362,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    PRC - [2009/04/11 06:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
    PRC - [2009/04/11 06:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
    PRC - [2009/04/11 06:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    PRC - [2009/03/10 19:19:56 | 00,468,264 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HP\QuickPlay\QPService.exe
    PRC - [2009/03/08 11:34:00 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
    PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
    PRC - [2009/01/27 21:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    PRC - [2009/01/27 21:30:20 | 02,387,968 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    PRC - [2009/01/12 15:50:42 | 00,292,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    PRC - [2009/01/12 15:50:42 | 00,116,080 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
    PRC - [2008/12/10 00:03:50 | 00,724,992 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
    PRC - [2008/12/10 00:03:50 | 00,724,992 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
    PRC - [2008/10/25 07:18:50 | 00,098,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    PRC - [2008/09/11 11:52:52 | 00,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
    PRC - [2008/09/11 11:52:52 | 00,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
    PRC - [2008/09/11 11:50:38 | 00,446,556 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2008/08/07 14:37:24 | 00,024,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\hpservice.exe
    PRC - [2008/06/27 15:53:08 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
    PRC - [2008/04/11 16:04:54 | 00,685,360 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    PRC - [2008/04/03 18:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    PRC - [2008/03/28 02:06:00 | 00,095,528 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    PRC - [2008/03/28 02:05:00 | 01,045,800 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    PRC - [2008/03/26 22:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
    PRC - [2008/03/25 19:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    PRC - [2008/03/25 19:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    PRC - [2008/03/25 19:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    PRC - [2008/03/18 16:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2008/03/14 15:45:10 | 00,202,032 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    PRC - [2008/01/26 01:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    PRC - [2008/01/21 02:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
    PRC - [2007/11/20 14:44:58 | 00,488,752 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    PRC - [2007/11/02 01:42:38 | 00,554,288 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    PRC - [2007/10/14 20:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    PRC - [2007/09/26 13:34:40 | 00,316,720 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    PRC - [2007/01/09 09:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     
  10. 2009/11/28
    Brugutu

    ========== Modules (SafeList) ==========

    MOD - [2009/11/28 18:20:14 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Lovaflex\Desktop\OTL.exe
    MOD - [2009/04/11 06:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
    SRV - [2009/09/25 01:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/08/22 07:21:19 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)
    SRV - [2009/08/04 06:55:19 | 00,107,832 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB)
    SRV - [2009/07/16 23:16:44 | 00,250,616 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/05/21 20:21:18 | 00,248,832 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
    SRV - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2009/01/27 21:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
    SRV - [2009/01/12 15:50:42 | 00,292,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe -- (QPCapSvc) QuickPlay Background Capture Service (QBCS)
    SRV - [2009/01/12 15:50:42 | 00,116,080 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe -- (QPSched) QuickPlay Task Scheduler (QTS)
    SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
    SRV - [2008/12/10 00:03:50 | 00,724,992 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
    SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2008/10/09 07:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
    SRV - [2008/09/11 11:52:52 | 00,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
    SRV - [2008/08/07 14:37:24 | 00,024,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\hpservice.exe -- (hpsrv)
    SRV - [2008/07/18 12:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
    SRV - [2008/07/18 12:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
    SRV - [2008/06/27 15:53:08 | 00,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
    SRV - [2008/04/03 18:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx)
    SRV - [2008/03/26 22:26:56 | 00,341,328 | ---- | M] () -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
    SRV - [2008/03/18 16:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
    SRV - [2008/02/03 19:00:00 | 00,129,992 | ---- | M] (EasyBits Sofware AS) -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
    SRV - [2008/01/26 01:05:30 | 00,148,832 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
    SRV - [2008/01/21 02:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/01/09 09:25:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
    SRV - [2006/11/02 12:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
    SRV - [2006/10/26 21:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2004/10/22 10:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/11/23 12:31:49 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2009/11/23 12:31:14 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1007020.00B\ccHPx86.sys -- (ccHP)
    DRV - [2009/11/22 09:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091127.038\NAVEX15.SYS -- (NAVEX15)
    DRV - [2009/11/22 09:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2009/11/22 09:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009/11/22 09:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091127.038\NAVENG.SYS -- (NAVENG)
    DRV - [2009/10/28 22:37:22 | 00,343,088 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2009/09/30 14:31:46 | 00,103,440 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/08/22 07:21:19 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\NIS\1007020.00B\SYMEFA.SYS -- (SymEFA)
    DRV - [2009/08/22 07:21:19 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1007020.00B\SRTSP.SYS -- (SRTSP)
    DRV - [2009/08/22 07:21:19 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2009/08/22 07:21:19 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS -- (SYMTDI)
    DRV - [2009/08/22 07:21:19 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1007020.00B\SYMFW.SYS -- (SYMFW)
    DRV - [2009/08/22 07:21:19 | 00,048,688 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS -- (SYMNDISV)
    DRV - [2009/08/22 07:21:19 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\system32\drivers\NIS\1007020.00B\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2009/08/22 07:21:06 | 00,025,648 | R--- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
    DRV - [2009/05/25 05:50:44 | 00,164,864 | ---- | M] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/04/17 08:48:12 | 00,114,528 | ---- | M] (JMicron Technology Corporation) -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
    DRV - [2008/12/10 01:30:58 | 04,172,288 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/11/21 20:53:40 | 01,204,128 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2008/09/11 11:54:44 | 00,389,120 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2008/09/04 17:47:00 | 00,054,784 | ---- | M] (ENE TECHNOLOGY INC.) -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
    DRV - [2008/08/07 14:42:12 | 00,025,392 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2008/08/07 14:31:52 | 00,034,608 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2008/05/13 23:08:04 | 00,049,904 | R--- | M] (Avanquest Software) -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/04/27 18:07:44 | 00,909,824 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/04/27 17:26:42 | 00,014,352 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
    DRV - [2008/04/14 22:56:18 | 00,170,000 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
    DRV - [2008/03/28 02:06:00 | 00,199,472 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/01/21 02:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/21 02:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/21 02:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/21 02:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/21 02:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/21 02:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/21 02:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/21 02:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/21 02:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/21 02:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/21 02:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/21 02:23:23 | 00,654,336 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
    DRV - [2008/01/21 02:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/21 02:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/21 02:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/21 02:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/21 02:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/21 02:23:22 | 00,987,648 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
    DRV - [2008/01/21 02:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/21 02:23:22 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/21 02:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/21 02:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/21 02:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/21 02:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/21 02:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/21 02:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/21 02:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2008/01/07 20:42:04 | 00,015,416 | ---- | M] (Advanced Micro Devices) -- C:\Windows\system32\DRIVERS\Amddfltr.sys -- (Amddfltr)
    DRV - [2007/11/15 20:00:06 | 00,016,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\xbpublic.sys -- (xbpublic)
    DRV - [2007/07/11 17:30:22 | 00,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/06/29 13:47:34 | 00,034,304 | ---- | M] (AMD, Inc.) -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
    DRV - [2007/06/19 00:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 07:30:56 | 00,429,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
    DRV - [2006/11/02 07:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
    DRV - [2004/12/24 18:36:38 | 00,097,792 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\TosRfbd.sys -- (Tosrfbd)
    DRV - [2004/12/21 11:38:12 | 00,034,816 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV - [2004/12/15 17:30:14 | 00,050,048 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
    DRV - [2004/11/15 22:51:54 | 00,050,048 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\drivers\TosRfhid.sys -- (Tosrfhid)
    DRV - [2004/10/04 10:33:02 | 00,062,799 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


    IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.forex-finance-trading.com/
    IE - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000\S-1-5-21-2876232168-1077061575-3994848077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000\S-1-5-21-2876232168-1077061575-3994848077-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    [2009/06/06 15:34:08 | 00,000,000 | ---D | M] -- C:\Users\Lovaflex\AppData\Roaming\Mozilla\Extensions
    [2009/06/06 15:34:08 | 00,000,000 | ---D | M] -- C:\Users\Lovaflex\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

    O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
    O4 - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Lovaflex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-2876232168-1077061575-3994848077-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/21 18:09:33 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (*) - File not found
    O35 - comfile [open] -- "%1" %* File not found
    O35 - exefile [open] -- "%1" %* File not found
     
  11. 2009/11/28
    Brugutu

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/11/28 18:20:11 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Lovaflex\Desktop\OTL.exe
    [2009/11/26 19:11:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/11/25 06:47:42 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2009/11/25 05:39:52 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
    [2009/11/23 21:32:03 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2009/11/23 21:32:03 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2009/11/23 21:32:02 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2009/11/23 21:26:25 | 00,025,648 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
    [2009/11/23 12:31:48 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1007020.00B\symtdi.sys
    [2009/11/23 12:31:48 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1007020.00B\symndisv.sys
    [2009/11/23 12:31:48 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1007020.00B\symndis.sys
    [2009/11/23 12:31:47 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1007020.00B\SymEFA.sys
    [2009/11/23 12:31:47 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1007020.00B\srtsp.sys
    [2009/11/23 12:31:47 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1007020.00B\BHDrvx86.sys
    [2009/11/23 12:31:47 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1007020.00B\symfw.sys
    [2009/11/23 12:31:47 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1007020.00B\srtspx.sys
    [2009/11/23 12:31:47 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1007020.00B\symids.sys
    [2009/11/23 12:31:14 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1007020.00B\cchpx86.sys
    [2009/11/23 12:31:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1007020.00B
    [2009/11/22 19:04:40 | 00,000,000 | ---D | C] -- C:\Users\Lovaflex\Documents\Symantec
    [2009/11/22 19:01:34 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2009/11/22 19:01:33 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2009/11/22 19:00:24 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
    [2009/11/22 19:00:21 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
    [2009/11/22 18:50:35 | 00,000,000 | ---D | C] -- C:\ProgramData\PCSettings
    [2009/11/22 18:50:05 | 00,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2009/11/22 18:49:12 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2009/11/22 18:49:12 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2009/11/21 18:12:57 | 00,000,000 | ---D | C] -- C:\Users\Lovaflex\AppData\Local\temp
    [2009/11/21 17:37:49 | 00,115,816 | ---- | C] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys
    [2009/11/21 17:37:46 | 00,098,408 | ---- | C] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys
    [2009/11/21 17:37:44 | 00,238,648 | ---- | C] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys
    [2009/11/21 17:37:41 | 00,034,920 | ---- | C] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys
    [2009/11/21 17:37:38 | 00,031,848 | ---- | C] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys
    [2009/11/21 17:37:35 | 00,035,944 | ---- | C] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys
    [2009/11/21 17:37:33 | 00,074,808 | ---- | C] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys
    [2009/11/21 17:37:28 | 00,106,088 | ---- | C] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys
    [2009/11/21 17:37:25 | 01,122,360 | ---- | C] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys
    [2009/11/21 17:37:23 | 00,045,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys
    [2009/11/21 17:37:20 | 00,045,160 | ---- | C] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys
    [2009/11/21 17:37:16 | 00,033,384 | ---- | C] (LSI Logic Corporation) -- C:\Windows\System32\drivers\mraid35x.sys
    [2009/11/21 17:37:13 | 00,386,616 | ---- | C] (LSI Corporation, Inc.) -- C:\Windows\System32\drivers\megasr.sys
    [2009/11/21 17:37:11 | 00,031,288 | ---- | C] (LSI Corporation) -- C:\Windows\System32\drivers\megasas.sys
    [2009/11/21 17:37:09 | 00,096,312 | ---- | C] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys
    [2009/11/21 17:37:07 | 00,089,656 | ---- | C] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys
    [2009/11/21 17:37:04 | 00,096,312 | ---- | C] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys
    [2009/11/21 17:37:02 | 00,035,944 | ---- | C] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys
    [2009/11/21 17:37:00 | 00,035,944 | ---- | C] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys
    [2009/11/21 17:36:57 | 00,041,576 | ---- | C] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys
    [2009/11/21 17:36:55 | 00,235,064 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iastorv.sys
    [2009/11/21 17:36:51 | 00,040,504 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\hpcisss.sys
    [2009/11/21 17:36:49 | 00,342,584 | ---- | C] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys
    [2009/11/21 17:36:45 | 00,079,928 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys
    [2009/11/21 17:36:42 | 00,079,416 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys
    [2009/11/21 17:36:40 | 00,071,272 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys
    [2009/11/21 17:36:38 | 00,149,560 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys
    [2009/11/21 17:36:35 | 00,101,432 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys
    [2009/11/21 17:36:33 | 00,300,600 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys
    [2009/11/21 17:36:31 | 00,422,968 | ---- | C] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys
    [2009/11/20 20:27:41 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
    [2009/11/20 20:27:41 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
    [2009/11/20 11:42:57 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2009/11/20 11:42:57 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2009/11/20 11:42:57 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2009/11/20 11:42:57 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2009/11/20 11:41:46 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2009/11/20 11:40:06 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2009/11/19 07:45:52 | 00,000,000 | ---D | C] -- C:\Program Files\Hijackthis
    [2009/11/18 15:56:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2009/11/18 15:56:23 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2009/11/18 15:20:31 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2009/11/18 15:20:15 | 00,000,000 | ---D | C] -- C:\rsit
    [2009/11/18 14:01:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2009/11/18 14:01:13 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2009/11/18 13:36:32 | 00,000,000 | ---D | C] -- C:\ATI
    [2009/11/17 17:02:13 | 00,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
    [2009/11/17 16:59:38 | 00,000,000 | ---D | C] -- C:\Config.Msi
    [2009/11/12 02:23:00 | 02,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2009/11/12 02:22:49 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
    [2009/11/11 18:45:34 | 00,000,000 | ---D | C] -- C:\Users\Lovaflex\Documents\My Scans
    [2009/11/11 18:43:42 | 00,000,000 | ---D | C] -- C:\Users\Lovaflex\AppData\Local\HP
    [2009/11/10 22:36:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2009/11/10 21:49:44 | 00,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
    [2009/11/10 21:49:42 | 03,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
    [2009/11/10 21:49:42 | 01,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
    [2009/11/10 21:48:59 | 00,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
    [2009/11/10 21:48:57 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
    [2009/11/10 21:48:54 | 00,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
    [2009/11/10 21:48:54 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2009/11/10 21:48:53 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
    [2009/11/10 21:48:53 | 00,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
    [2009/11/10 21:48:53 | 00,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2009/11/10 21:48:53 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2009/11/10 21:48:53 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2009/11/10 21:48:53 | 00,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2009/11/10 21:48:53 | 00,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2009/11/10 21:48:53 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
    [2009/11/10 21:48:53 | 00,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
    [2009/11/10 21:48:53 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2009/11/10 21:48:53 | 00,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
    [2009/11/10 21:48:52 | 01,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
    [2009/11/10 21:48:52 | 01,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2009/11/10 21:48:52 | 01,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
    [2009/11/10 21:48:52 | 00,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
    [2009/11/10 21:48:52 | 00,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
    [2009/11/10 21:48:52 | 00,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
    [2009/11/10 21:48:52 | 00,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
    [2009/11/10 21:48:52 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
    [2009/11/10 21:48:52 | 00,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
    [2009/11/10 21:48:52 | 00,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
    [2009/11/10 21:48:20 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
    [2009/11/10 21:48:20 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
    [2009/11/10 21:48:16 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
    [2009/11/10 21:48:13 | 00,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
    [2009/11/10 21:48:13 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
    [2009/11/10 21:48:12 | 00,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
    [2009/11/10 21:48:12 | 00,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
    [2009/11/10 21:48:12 | 00,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
    [2009/11/10 21:48:12 | 00,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
    [2009/11/10 21:46:33 | 00,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
    [2009/11/10 21:46:33 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
    [2009/11/08 20:07:09 | 00,000,000 | ---D | C] -- C:\Users\Lovaflex\Incomplete
    [2009/11/07 19:10:55 | 00,000,000 | ---D | C] -- C:\Users\Lovaflex\Documents\Temporary Downloaded Files
    [2009/11/06 10:59:54 | 15,406,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
    [2009/11/06 10:59:54 | 13,642,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlivefnt.dll
    [2009/11/05 19:44:23 | 00,000,000 | ---D | C] -- C:\Users\Lovaflex\AppData\Roaming\Malwarebytes
    [2009/11/05 19:44:16 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2009/11/04 19:26:14 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2009/11/02 18:05:36 | 00,167,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xliveinstall.dll
    [2009/11/02 18:05:34 | 00,071,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xliveinstallhost.exe
    [2009/10/31 14:54:05 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
    [2009/10/31 14:54:02 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2009/06/27 00:26:15 | 03,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
    [2009/06/27 00:26:13 | 02,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
    [2009/06/27 00:26:12 | 02,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
    [2009/06/27 00:26:12 | 02,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
    [2009/06/27 00:26:11 | 02,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
    [1 C:\Users\Lovaflex\Documents\*.tmp files -> C:\Users\Lovaflex\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2009/11/28 18:28:33 | 03,670,016 | -HS- | M] () -- C:\Users\Lovaflex\ntuser.dat
    [2009/11/28 18:21:06 | 00,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{366F138D-F07A-4C73-8DE1-09F1FC6E4567}.job
    [2009/11/28 18:20:14 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Lovaflex\Desktop\OTL.exe
    [2009/11/28 18:00:48 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2009/11/28 18:00:48 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2009/11/28 16:46:01 | 00,229,888 | ---- | M] () -- C:\Users\Lovaflex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/28 15:05:58 | 00,002,587 | ---- | M] () -- C:\Users\Lovaflex\Desktop\Microsoft Office Word 2007.lnk
    [2009/11/28 12:09:06 | 00,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2009/11/28 12:09:06 | 00,609,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2009/11/28 12:09:06 | 00,109,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2009/11/28 12:01:28 | 00,000,269 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2009/11/28 12:00:50 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2009/11/28 12:00:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2009/11/28 11:59:55 | 32,168,75520 | -HS- | M] () -- C:\hiberfil.sys
    [2009/11/28 11:54:03 | 00,524,288 | -HS- | M] () -- C:\Users\Lovaflex\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2009/11/28 11:54:03 | 00,065,536 | -HS- | M] () -- C:\Users\Lovaflex\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2009/11/28 11:53:49 | 03,164,670 | -H-- | M] () -- C:\Users\Lovaflex\AppData\Local\IconCache.db
    [2009/11/28 08:23:40 | 01,757,578 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1007020.00B\Cat.DB
    [2009/11/27 22:23:56 | 00,002,709 | ---- | M] () -- C:\Users\Lovaflex\Desktop\Readon TV Movie Radio Player.lnk
    [2009/11/26 11:32:22 | 00,000,939 | ---- | M] () -- C:\Users\Lovaflex\Desktop\Street Fighter 4.lnk
    [2009/11/25 07:31:08 | 00,001,834 | ---- | M] () -- C:\Users\Lovaflex\Desktop\HijackThis.lnk
    [2009/11/23 21:39:44 | 00,000,680 | ---- | M] () -- C:\Users\Lovaflex\AppData\Local\d3d9caps.dat
    [2009/11/23 21:31:20 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2009/11/23 21:31:20 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2009/11/23 21:31:19 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2009/11/23 21:31:17 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
    [2009/11/23 21:24:01 | 00,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2009/11/23 12:31:49 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
    [2009/11/23 12:31:49 | 00,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2009/11/23 12:31:49 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2009/11/23 12:31:14 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1007020.00B\cchpx86.sys
    [2009/11/23 12:31:13 | 00,009,412 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1007020.00B\symnetv.cat
    [2009/11/23 12:31:13 | 00,001,562 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1007020.00B\SymNetV.inf
    [2009/11/23 12:31:13 | 00,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1007020.00B\isolate.ini
    [2009/11/22 18:50:36 | 00,007,586 | ---- | M] () -- C:\ProgramData\N360BUOptions.ini
    [2009/11/21 17:56:25 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2009/11/21 17:55:39 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2009/11/20 11:36:34 | 03,568,341 | R--- | M] () -- C:\Users\Lovaflex\Desktop\ComboFix.exe
    [2009/11/19 14:15:31 | 00,028,154 | ---- | M] () -- C:\Users\Lovaflex\Documents\Practical 3.docx
    [2009/11/19 11:56:51 | 00,036,352 | ---- | M] () -- C:\Users\Lovaflex\Documents\Practical 2.doc
    [2009/11/18 14:01:34 | 00,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2009/11/18 13:36:32 | 00,001,234 | ---- | M] () -- C:\Users\Lovaflex\Desktop\'Folding@Home'.lnk
    [2009/11/18 11:31:42 | 00,312,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/11/17 20:25:38 | 00,077,768 | ---- | M] () -- C:\Users\Lovaflex\AppData\Local\GDIPFONTCACHEV1.DAT
    [2009/11/17 17:03:10 | 00,077,354 | ---- | M] () -- C:\Windows\hpqins05.dat
    [2009/11/17 17:00:48 | 00,001,136 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2009/11/17 11:09:31 | 00,018,175 | ---- | M] () -- C:\Users\Lovaflex\Documents\Assignment.docx
    [2009/11/16 10:32:30 | 00,010,611 | ---- | M] () -- C:\Users\Lovaflex\Documents\the ECF will increase but the ICF stays the same because the main component of the ECF is Na so it will increase the fluid outside.docx
    [2009/11/14 20:10:04 | 00,291,840 | ---- | M] () -- C:\Users\Lovaflex\Desktop\gmer.exe
    [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
    [2009/11/12 13:44:26 | 00,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2009/11/11 18:52:43 | 01,242,116 | ---- | M] () -- C:\Users\Lovaflex\Documents\scan0005.jpg
    [2009/11/10 22:38:46 | 00,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLovaflex.job
    [2009/11/10 22:34:32 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2009/11/06 10:59:54 | 15,406,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
    [2009/11/06 10:59:54 | 13,642,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xlivefnt.dll
    [2009/11/06 10:58:04 | 00,178,975 | ---- | M] () -- C:\Windows\System32\xlive.dll.cat
    [2009/11/02 18:05:36 | 00,167,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xliveinstall.dll
    [2009/11/02 18:05:34 | 00,071,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xliveinstallhost.exe
    [2009/11/02 08:28:30 | 00,022,148 | ---- | M] () -- C:\Users\Lovaflex\Documents\Practical 1.docx
    [2009/11/01 17:32:05 | 00,000,162 | -H-- | M] () -- C:\Users\Lovaflex\Documents\~$actical 1.docx
    [2009/10/31 21:22:59 | 00,002,545 | ---- | M] () -- C:\Users\Lovaflex\Desktop\Microsoft Office Excel 2007.lnk
    [2009/10/31 14:55:09 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [1 C:\Users\Lovaflex\Documents\*.tmp files -> C:\Users\Lovaflex\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2009/11/25 07:31:08 | 00,001,834 | ---- | C] () -- C:\Users\Lovaflex\Desktop\HijackThis.lnk
    [2009/11/23 21:26:31 | 01,757,578 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\Cat.DB
    [2009/11/23 12:31:48 | 00,009,402 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\SymNet.cat
    [2009/11/23 12:31:48 | 00,001,561 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\SymNet.inf
    [2009/11/23 12:31:47 | 00,007,431 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\SymEFA.cat
    [2009/11/23 12:31:47 | 00,007,429 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\srtspx.cat
    [2009/11/23 12:31:47 | 00,007,425 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\srtsp.cat
    [2009/11/23 12:31:47 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\ccHPx86.cat
    [2009/11/23 12:31:47 | 00,003,373 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\SymEFA.inf
    [2009/11/23 12:31:47 | 00,001,752 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\ccHPx86.inf
    [2009/11/23 12:31:47 | 00,001,388 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\srtspx.inf
    [2009/11/23 12:31:47 | 00,001,382 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\srtsp.inf
    [2009/11/23 12:31:46 | 00,007,400 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\bhdrvx86.cat
    [2009/11/23 12:31:46 | 00,000,640 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\BHDrvx86.inf
    [2009/11/23 12:31:13 | 00,009,412 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\symnetv.cat
    [2009/11/23 12:31:13 | 00,001,562 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\SymNetV.inf
    [2009/11/23 12:31:13 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1007020.00B\isolate.ini
    [2009/11/22 19:01:34 | 00,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
    [2009/11/22 19:01:34 | 00,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
    [2009/11/22 19:01:06 | 00,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2009/11/22 18:50:36 | 00,007,586 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
    [2009/11/21 04:22:40 | 00,291,840 | ---- | C] () -- C:\Users\Lovaflex\Desktop\gmer.exe
    [2009/11/20 12:28:34 | 32,168,75520 | -HS- | C] () -- C:\hiberfil.sys
    [2009/11/20 11:42:57 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
    [2009/11/20 11:42:57 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2009/11/20 11:42:57 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2009/11/20 11:42:57 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2009/11/20 11:42:57 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2009/11/20 11:36:33 | 03,568,341 | R--- | C] () -- C:\Users\Lovaflex\Desktop\ComboFix.exe
    [2009/11/19 11:56:50 | 00,036,352 | ---- | C] () -- C:\Users\Lovaflex\Documents\Practical 2.doc
    [2009/11/18 14:48:34 | 00,028,154 | ---- | C] () -- C:\Users\Lovaflex\Documents\Practical 3.docx
    [2009/11/18 14:01:34 | 00,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2009/11/18 13:36:32 | 00,001,234 | ---- | C] () -- C:\Users\Lovaflex\Desktop\'Folding@Home'.lnk
    [2009/11/17 17:00:48 | 00,001,136 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2009/11/17 16:59:03 | 00,077,354 | ---- | C] () -- C:\Windows\hpqins05.dat
    [2009/11/16 10:32:29 | 00,010,611 | ---- | C] () -- C:\Users\Lovaflex\Documents\the ECF will increase but the ICF stays the same because the main component of the ECF is Na so it will increase the fluid outside.docx
    [2009/11/13 11:27:20 | 00,018,175 | ---- | C] () -- C:\Users\Lovaflex\Documents\Assignment.docx
    [2009/11/11 18:52:43 | 01,242,116 | ---- | C] () -- C:\Users\Lovaflex\Documents\scan0005.jpg
    [2009/11/11 06:29:03 | 00,002,629 | ---- | C] () -- C:\Users\Lovaflex\Desktop\Microsoft Office PowerPoint 2007.lnk
    [2009/11/10 22:34:32 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2009/11/01 17:32:05 | 00,000,162 | -H-- | C] () -- C:\Users\Lovaflex\Documents\~$actical 1.docx
    [2009/10/31 17:24:52 | 00,022,148 | ---- | C] () -- C:\Users\Lovaflex\Documents\Practical 1.docx
    [2009/10/31 14:55:09 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2009/10/04 14:18:48 | 00,000,000 | ---- | C] () -- C:\Users\Lovaflex\AppData\Roaming\wklnhst.dat
    [2009/09/20 06:12:26 | 00,002,449 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/09/07 15:29:44 | 04,455,865 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
    [2009/09/06 14:52:04 | 00,828,611 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
    [2009/09/02 20:23:04 | 00,183,296 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
    [2009/09/02 20:22:58 | 00,178,688 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
    [2009/09/02 20:22:40 | 00,113,152 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
    [2009/09/02 20:22:10 | 00,257,024 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
    [2009/09/02 20:22:06 | 00,142,848 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
    [2009/09/02 16:38:44 | 00,425,040 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
    [2009/09/02 16:35:12 | 00,557,003 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
    [2009/09/02 16:01:48 | 00,146,098 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
    [2009/08/30 16:20:51 | 00,011,757 | ---- | C] () -- C:\Users\Lovaflex\AppData\Roaming\UserTile.png
    [2009/08/25 18:07:36 | 00,328,334 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
    [2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/27 00:26:10 | 00,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
    [2009/06/27 00:11:10 | 00,000,269 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2009/06/20 19:13:18 | 00,829,781 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2009/06/20 19:13:18 | 00,336,384 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
    [2009/06/20 19:13:16 | 00,117,760 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
    [2009/06/19 19:06:22 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2009/06/19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2009/06/02 17:11:26 | 00,098,304 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
    [2009/06/02 17:11:16 | 00,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/05/31 15:06:36 | 00,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2009/05/31 15:05:52 | 00,000,319 | ---- | C] () -- C:\Windows\game.ini
    [2009/05/29 15:17:41 | 00,022,328 | ---- | C] () -- C:\Users\Lovaflex\AppData\Roaming\PnkBstrK.sys
    [2009/05/28 20:54:26 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/04/28 21:36:15 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/04/20 15:48:39 | 00,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
    [2009/03/05 05:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/02/24 19:55:16 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
    [2009/02/15 23:24:04 | 00,000,680 | ---- | C] () -- C:\Users\Lovaflex\AppData\Local\d3d9caps.dat
    [2009/02/07 12:10:20 | 00,229,888 | ---- | C] () -- C:\Users\Lovaflex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/02/07 10:12:21 | 00,000,000 | ---- | C] () -- C:\Users\Lovaflex\AppData\Local\QSwitch.txt
    [2009/02/07 10:12:21 | 00,000,000 | ---- | C] () -- C:\Users\Lovaflex\AppData\Local\DSwitch.txt
    [2009/02/07 10:12:21 | 00,000,000 | ---- | C] () -- C:\Users\Lovaflex\AppData\Local\AtStart.txt
    [2009/01/10 22:17:32 | 00,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
    [2009/01/10 22:16:56 | 00,148,480 | ---- | C] () -- C:\Windows\System32\mkx.dll
    [2009/01/10 22:16:50 | 00,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
    [2009/01/10 22:16:14 | 00,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
    [2009/01/10 22:15:54 | 00,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
    [2009/01/10 22:15:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
    [2009/01/10 22:15:32 | 00,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
    [2009/01/10 22:15:28 | 00,246,784 | ---- | C] () -- C:\Windows\System32\dxr.dll
    [2009/01/10 22:15:12 | 00,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
    [2009/01/10 22:14:08 | 00,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
    [2009/01/10 22:14:06 | 00,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
    [2008/12/03 22:11:50 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008/11/06 16:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/03/28 09:19:10 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2007/10/13 09:30:20 | 00,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
    [2007/07/10 17:10:12 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2006/11/02 12:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/03/08 17:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2004/12/02 15:20:12 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
    [2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\Windows\System32\TosBtHcrpAPI.dll
    [2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TBTMonUI.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:0CE7F3C9
    @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:8CE646EE
    < End of report >
     
  12. 2009/11/29
    Geri Lifetime Subscription

    Hi

    Please do the following.

    Upload a File to Virustotal
    Please visit Virustotal
    • Click the Browse... button
    • Navigate to the files one at a time.
      C:\Users\Lovaflex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      C:\Windows\System32\xlive.dll.cat
      C:\Windows\System32\ts.dll
      C:\Windows\System32\mkx.dll
      C:\Windows\System32\mmfinfo.dll
    • Click the Open button
    • Click the Send button
    • Copy and paste the results back here please.

    Thanks
    Geri
     
  13. 2009/11/29
    Brugutu

    File DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3 received on 2009.11.29 13:51:41 (UTC)
    Current status: finished
    Result: 0/41 (0%)

    File xlive.dll.cat received on 2009.11.29 13:56:07 (UTC)
    Current status: finished
    Result: 0/41 (0%)

    File ts.dll received on 2009.11.29 14:02:20 (UTC)
    Current status: finished
    Result: 0/41 (0%)

    File mkx.dll received on 2009.11.29 14:07:45 (UTC)
    Current status: finished
    Result: 0/41 (0%)

    File mmfinfo.dll received on 2009.11.20 12:17:12 (UTC)
    Current status: finished
    Result: 0/41 (0.00%)
     
  14. 2009/11/29
    Geri Lifetime Subscription

    Hi

    Do you know what these are?

    C:\Users\Lovaflex\Documents\Practical 2.doc
    C:\Users\Lovaflex\Documents\Practical 3.docx
    C:\Users\Lovaflex\Documents\the ECF will increase but the ICF stays the same because the main component of the ECF is Na so it will increase the fluid outside.docx

    Geri
     
  15. 2009/11/29
    Brugutu

    Yeah, these are reports for my practicals.
     
  16. 2009/11/29
    Geri Lifetime Subscription

    Hi
    OK, I'm still not seeing anything?

    Please do this.

    Please run your CCleaner then do the following.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Thanks
    Geri
     
  17. 2009/11/30
    Brugutu

    ANALYSIS: 2009-11-30 11:13:57
    PROTECTIONS: 1
    MALWARE: 4
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Norton Internet Security Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\lovaflex\appdata\roaming\microsoft\windows\cookies\low\lovaflex@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\lovaflex\appdata\roaming\microsoft\windows\cookies\lovaflex@atdmt[2].txt
    03738741 Generic Malware Virus/Trojan No 0 Yes No c:\users\lovaflex\downloads\cryptload\ocr\netload.in\asmcaptcha\test.exe
    05241074 Generic Trojan Virus/Trojan No 0 No No c:\swsetup\sp43325\data1.cab[cl264dec.ax]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
     
  18. 2009/11/30
    Geri Lifetime Subscription

    Hi
    OK please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Code:
    KillAll::
    DirLook::
    c:\users\lovaflex\downloads\cryptload
    c:\swsetup\sp43325

    Please post the ComboFix log.

    And also this.

    Please visit Virustotal
    • Click the Browse... button
    • Navigate to the files one at a time.
      c:\users\lovaflex\downloads\cryptload\ocr\netload.in\asmcaptcha\test.exe
      c:\swsetup\sp43325\data1.cab
    • Click the Open button
    • Click the Send button
    • Copy and paste the results back here please.

    Geri
     
