Solved Trojan/Spyware...IE not working

[Resolved] Trojan/Spyware...IE not working

Hello All,
First of all I would like to tell you that im new to this forum and already it has been such a big help.
This is what happened:

While watching a video online some spyware/trojan was downloaded on my computer. I have mcafee but it is an old version. The spyware didnt allow me to use any program. It would simply have a small baloon in the taskbar saying that so and so file is infected, click here to fix now. If you click there, it opened Internet Explorer and directed you to some random anti spyware site.It also didnt allow me to open any other site.(msn messenger etc were connected)

Somehow i managed to get the task manager opened and noticed that alot of processess were run under the name of WmiPrcSE.exe...(3 or 4). I put an end to those processes. Since then the pop up is gone but Internet Explorer is still not opening any site. It is just showing me 'page cant be displayed'

I then used Malwarebytes and did a scan (report is attached). It found some Fraudpack Trojan. McAfee didnt find anything. I ran Malwarebytes again but it came up clean.

I was hoping that you guys can help me out by:
1) Making the Internet Explorer work (ver 8)
2) Ensuring that there is no other virus/trojan/spyware left in the system

I have attached the reports from DDS and Malwarebytes
If you need any other information, I will be glad to provide it

On a side note, the computer seems to work fine(I can open the task manager, run etc etc) except the internet explorer



DDS LOG:

DDS (Ver_10-03-17.01) - NTFSx86
Run by admin at 0:20:23.61 on 06/05/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vistaâ„¢ Home Premium 6.0.6002.2.1252.2.1033.18.2037.780 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WUDFHost.exe
G:\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080809
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe "
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-8 201320]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_238116a1\AEstSrv.exe [2008-8-8 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-8-8 358224]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-8-8 144704]
R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2010-2-5 742144]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-12-16 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-8 111616]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-6-12 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-8-8 203264]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-8-8 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-8 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-8 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-8 40488]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
S?4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-5-5 38224]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-8 33832]

=============== Created Last 30 ================

2010-05-06 02:36:32 0 d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2010-05-06 02:36:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 02:36:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 02:36:21 0 d-----w- c:\programdata\Malwarebytes
2010-05-06 02:36:20 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 22:31:19 0 d-----w- c:\program files\YouTube Downloader
2010-04-22 19:59:30 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-04-22 19:59:30 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-04-22 19:59:03 0 d-----w- c:\programdata\Nitro PDF
2010-04-22 19:59:03 0 d-----w- c:\program files\common files\Nitro PDF
2010-04-22 19:59:02 0 d-----w- c:\program files\Nitro PDF
2010-04-22 19:56:30 0 d-----w- c:\users\admin\appdata\roaming\Downloaded Installations
2010-04-22 14:20:35 0 d-----w- c:\programdata\HP Product Assistant
2010-04-22 14:13:14 121373 ------w- c:\windows\HPHins15.dat.temp
2010-04-22 14:13:13 2885 ------w- c:\windows\hphmdl15.dat.temp
2010-04-22 14:13:01 267864 ----a-w- c:\windows\system32\hpzids01.dll
2010-04-14 14:55:49 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 14:55:49 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 14:55:48 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 14:55:42 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 14:55:42 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 14:55:39 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 14:55:37 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 14:55:36 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 14:55:34 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 14:55:31 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 14:55:31 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 14:55:01 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 14:54:38 98304 ----a-w- c:\windows\system32\cabview.dll

==================== Find3M ====================

2010-04-30 05:18:23 106092 ----a-w- c:\windows\fonts\Catull.ttf
2010-04-22 14:22:34 137409 ----a-w- c:\windows\HPHins15.dat
2010-04-22 14:17:37 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-22 14:17:37 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-22 14:17:36 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-07 00:56:53 148942 ----a-w- c:\windows\hpoins19.dat
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-15 23:39:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-09 01:11:40 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-15 18:49:32 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-10-15 18:49:32 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-10-15 18:49:32 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-15 18:49:32 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-08-09 02:10:26 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 0:23:51.84 ===============

ATTACH LOG:


DDS (Ver_10-03-17.01)

Microsoft® Windows Vistaâ„¢ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 08/08/2008 2:17:23 PM
System Uptime: 05/05/2010 10:52:05 PM (2 hours ago)

Motherboard: Dell Inc. | | 0M263C
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 2000/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 223 GiB total, 134.224 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.573 GiB free.
E: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

1400
1400_Help
1400Trb
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
Advanced Audio FX Engine
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Broadcom Gigabit NetLink Controller
Browser Address Error Redirector
BufferChm
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco NAC Agent
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Copy
D1400
D1400_Help
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Video Chat (remove only)
Dell Webcam Central
Dell Wireless WLAN Card Utility
Destinations
DeviceDiscovery
DivX Web Player
dj_sf_ProductContext
dj_sf_software
dj_sf_software_req
DocProc
DocProcQFolder
EDocs
Fax
FXCM Trading Station
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet Printer Driver Software 9.0
HP Imaging Device Functions 9.0
HP OCR Software 8.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Solution Center 9.0
HPProductAssistant
Integrated Webcam Driver (1.06.03.0309)
Intel(R) Matrix Storage Manager
ITECIR Driver
Java Auto Updater
Java DB 10.4.2.1
Java(TM) 6 Update 19
Java(TM) 6 Update 5
Java(TM) SE Development Kit 6 Update 16
Junk Mail filter update
Malwarebytes' Anti-Malware
MATLAB R2007b
Maxwell SV Version 9.0
McAfee SecurityCenter
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetBeans IDE 6.7.1
Nitro PDF Professional
PanoStandAlone
PC Inspector File Recovery
PC Suite for Sony Ericsson
PSpice Student 9.1
PSSWCORE
QuickSet
Recuva
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skypeâ„¢ 4.1
SolutionCenter
Sony Ericsson Symbian 9 Drivers
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
VC80CRTRedist - 8.0.50727.762
VideoToolkit01
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
YouTube Downloader 2.5.4

==== End Of File ===========================

Malwarebytes LOG:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4070

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

05/05/2010 10:49:16 PM
mbam-log-2010-05-05 (22-49-16).txt

Scan type: Quick scan
Objects scanned: 125283
Time elapsed: 11 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\itgoanyt (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\admin\AppData\Local\dkldedmmy\iqgkvhitssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.


Appreciate everyones help in this matter!!
Regards
Omee

 

Hi and welcome .

Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

 

thanks for your quick response,

Just to let you know, I reset the IE using microsofts reset tool. It is running fine now. Im now concerned about any seconday infections...

AS far as the HJT goes, On the start of the scan, it is giving me an error:

'For some reason your system denied write access to the Host file.If any Hijacked domains are in the file, HijackThis may not be able to fix this.
For Vista, simply right click and say 'Run as Administrator''

On top of that, at the end of the scan, the report pops up, but is empty.Notepad contains nothing in it.

I dont understand whats the problem since I am the admin?? and I am not getting the option of 'Run as admin'...any help on this would be appreciated

 

Try this instead;

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

OTL:
OTL logfile created on: 06/05/2010 6:40:35 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 140.20 Gb Free Space | 62.85% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.57 Gb Free Space | 57.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/06 16:58:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/02/05 18:29:12 | 000,454,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/07/17 23:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/26 07:10:06 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/06/26 07:10:00 | 000,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe
PRC - [2008/06/26 07:09:50 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe
PRC - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 16:58:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/08 19:39:59 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/06/26 07:10:00 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe -- (STacSV)
SRV - [2008/06/26 07:09:50 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe -- (AESTFilters)
SRV - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/12/02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/06/12 09:38:42 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/03/08 17:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/11/17 08:29:12 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/11/17 08:29:08 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/26 07:10:08 | 000,380,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/03/11 02:44:12 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/03/11 02:42:24 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/03/11 02:27:52 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/11 02:26:52 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/03/11 02:24:46 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/03/11 02:24:44 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/03/11 02:24:42 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/03/11 02:22:44 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/15 12:44:14 | 000,091,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrsce.sys -- (zebrsce)
DRV - [2008/01/15 12:44:12 | 000,109,568 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrmdmc.sys -- (zebrmdmc) Sony Ericsson mRouter Port (WDM)
DRV - [2008/01/15 12:44:12 | 000,109,568 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrmdm.sys -- (zebrmdm) Sony Ericsson Port (WDM)
DRV - [2008/01/15 12:44:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrmdfl.sys -- (zebrmdfl)
DRV - [2008/01/15 12:44:08 | 000,083,200 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrbus.sys -- (zebrbus)
DRV - [2008/01/15 12:44:08 | 000,063,360 | ---- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\zebrceb.sys -- (zebrceb) Sony Ericsson Cable Emulation Bus (WDM)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080809
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 22:34:27 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/06 16:58:26 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2010/05/06 14:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/06 13:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/05 22:36:32 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2010/05/05 22:36:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/05 22:36:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/05 22:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/05 22:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/05 03:00:58 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\dkldedmmy
[2010/05/04 23:35:35 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Econ 1BB3
[2010/05/04 23:34:40 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Econ 1B03
[2010/05/03 02:18:39 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\CUTC Pics
[2010/05/01 18:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010/05/01 17:59:47 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\English music
[2010/04/30 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\MUSIC
[2010/04/22 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Nitro PDF
[2010/04/22 15:59:30 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon.dll
[2010/04/22 15:59:30 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui.dll
[2010/04/22 15:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2010/04/22 15:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2010/04/22 15:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/04/22 15:56:30 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Downloaded Installations
[2010/04/22 10:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/04/03 22:53:46 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Sony Ericsson W960i
[2010/03/30 21:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/20 12:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Candleworks
[2010/03/11 00:12:02 | 000,000,000 | ---D | C] -- C:\Users\admin\Maxwell
[2010/03/11 00:04:32 | 000,000,000 | ---D | C] -- C:\Ansoft
[2010/03/03 18:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/03/03 18:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/02/22 10:57:50 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\My Scans
[2010/02/19 11:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010/02/19 11:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco
[2010/02/07 20:04:48 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\THREED32.OCX
[2010/02/07 20:04:48 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bdao.dll
[2010/02/07 20:04:48 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2irdao.dll
[2010/02/07 20:04:48 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2ctdao.dll
[2010/02/07 20:04:47 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\crpe32.dll
[2010/02/07 20:04:47 | 000,416,768 | ---- | C] (Seagate Software) -- C:\Windows\System32\cpeaut32.dll
[2010/02/07 20:04:47 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\Windows\System32\crpaig32.dll
[2010/02/07 20:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
[2010/02/07 20:04:45 | 000,000,000 | ---D | C] -- C:\Windows\Crystal

========== Files - Modified Within 90 Days ==========

[2010/05/06 18:45:19 | 004,194,304 | -HS- | M] () -- C:\Users\admin\ntuser.dat
[2010/05/06 17:44:14 | 000,700,548 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/06 17:44:14 | 000,605,072 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/06 17:44:14 | 000,110,354 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/06 17:24:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/06 16:58:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2010/05/06 16:55:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/06 16:55:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/06 16:55:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/06 16:55:29 | 2134,900,736 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/06 16:08:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/06 16:08:44 | 000,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/06 16:08:44 | 000,065,536 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/06 16:08:32 | 002,233,783 | -H-- | M] () -- C:\Users\admin\AppData\Local\IconCache.db
[2010/05/06 14:02:21 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/05/06 14:01:47 | 000,001,356 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2010/05/06 13:48:59 | 000,002,523 | ---- | M] () -- C:\Users\admin\Desktop\HiJackThis.lnk
[2010/05/06 13:05:08 | 001,402,880 | ---- | M] () -- C:\Users\admin\Desktop\HiJackThis.msi
[2010/05/05 22:36:26 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 01:16:14 | 000,089,105 | ---- | M] () -- C:\Users\admin\Desktop\Resume-Omar Siddiqui.pdf
[2010/05/03 21:46:16 | 014,621,517 | ---- | M] () -- C:\Users\admin\Desktop\Econ 1bb3 notes.zip
[2010/05/01 18:37:17 | 020,617,414 | ---- | M] () -- C:\Users\admin\Desktop\Veronica - SONIYA
[2010/05/01 18:31:21 | 000,000,921 | ---- | M] () -- C:\Users\admin\Desktop\YouTube Downloader.lnk
[2010/05/01 18:30:46 | 003,105,415 | ---- | M] () -- C:\Users\admin\Desktop\YouTubeDownloaderSetup254.exe
[2010/05/01 18:13:48 | 001,534,080 | ---- | M] () -- C:\Users\admin\Desktop\soniyamuftibrothers.mp3
[2010/05/01 01:22:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2010/04/30 09:51:38 | 000,335,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/30 01:19:37 | 000,088,560 | ---- | M] () -- C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 13:26:29 | 000,042,496 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 15:59:27 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Nitro PDF Professional.lnk
[2010/04/22 10:22:34 | 000,137,409 | ---- | M] () -- C:\Windows\HPHins15.dat
[2010/04/10 02:34:43 | 000,090,861 | ---- | M] () -- C:\Users\admin\Desktop\cover_Letter_Resume_Ministry of Transport.pdf
[2010/04/10 01:49:57 | 000,062,613 | ---- | M] () -- C:\Users\admin\Desktop\cover_Letter_Omar Siddiqui.pdf
[2010/04/02 22:43:30 | 000,152,548 | ---- | M] () -- C:\Users\admin\Documents\reciept.jpg
[2010/03/31 01:06:41 | 000,002,627 | ---- | M] () -- C:\Users\admin\Desktop\Microsoft Office Word 2007.lnk
[2010/03/20 21:09:32 | 000,189,853 | ---- | M] () -- C:\Users\admin\Desktop\Time Table Term 2.jpg
[2010/03/20 12:21:47 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2010/03/11 00:05:33 | 000,000,315 | ---- | M] () -- C:\Windows\win.ini
[2010/03/06 20:56:53 | 000,148,942 | ---- | M] () -- C:\Windows\hpoins19.dat
[2010/02/27 19:29:24 | 000,000,036 | ---- | M] () -- C:\Users\admin\AppData\Local\housecall.guid.cache
[2010/02/09 18:20:28 | 000,005,378 | ---- | M] () -- C:\Windows\PSPICEEV.INI
[2010/02/06 01:59:41 | 001,739,086 | ---- | M] () -- C:\Users\admin\Documents\userguide_bb9000_umts.pdf

========== Files Created - No Company Name ==========

[2010/05/06 14:02:21 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/05/06 13:13:17 | 000,002,523 | ---- | C] () -- C:\Users\admin\Desktop\HiJackThis.lnk
[2010/05/06 13:05:04 | 001,402,880 | ---- | C] () -- C:\Users\admin\Desktop\HiJackThis.msi
[2010/05/05 22:36:26 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/05 09:12:24 | 2134,900,736 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/03 21:46:08 | 014,621,517 | ---- | C] () -- C:\Users\admin\Desktop\Econ 1bb3 notes.zip
[2010/05/01 18:37:13 | 020,617,414 | ---- | C] () -- C:\Users\admin\Desktop\Veronica - SONIYA
[2010/05/01 18:31:21 | 000,000,921 | ---- | C] () -- C:\Users\admin\Desktop\YouTube Downloader.lnk
[2010/05/01 18:30:36 | 003,105,415 | ---- | C] () -- C:\Users\admin\Desktop\YouTubeDownloaderSetup254.exe
[2010/05/01 18:13:45 | 001,534,080 | ---- | C] () -- C:\Users\admin\Desktop\soniyamuftibrothers.mp3
[2010/04/22 15:59:27 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Nitro PDF Professional.lnk
[2010/04/22 10:13:14 | 000,121,373 | ---- | C] () -- C:\Windows\HPHins15.dat.temp
[2010/04/22 10:13:13 | 000,002,885 | ---- | C] () -- C:\Windows\hphmdl15.dat.temp
[2010/04/10 02:34:43 | 000,090,861 | ---- | C] () -- C:\Users\admin\Desktop\cover_Letter_Resume_Ministry of Transport.pdf
[2010/04/10 01:49:20 | 000,062,613 | ---- | C] () -- C:\Users\admin\Desktop\cover_Letter_Omar Siddiqui.pdf
[2010/04/02 22:43:30 | 000,152,548 | ---- | C] () -- C:\Users\admin\Documents\reciept.jpg
[2010/04/02 16:51:11 | 000,089,105 | ---- | C] () -- C:\Users\admin\Desktop\Resume-Omar Siddiqui.pdf
[2010/03/20 12:21:47 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2010/02/27 19:29:24 | 000,000,036 | ---- | C] () -- C:\Users\admin\AppData\Local\housecall.guid.cache
[2010/02/07 20:04:49 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2010/02/07 20:04:47 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2010/02/07 20:04:47 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2010/02/07 20:04:47 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2010/02/07 20:04:47 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2010/02/07 20:04:47 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2010/02/07 20:04:47 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2010/02/07 20:04:47 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2010/02/07 20:04:47 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2010/02/07 20:04:47 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2010/02/07 20:04:47 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2010/02/07 20:04:47 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2010/02/07 20:04:47 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2010/02/07 20:04:47 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2010/02/07 20:04:47 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2010/02/07 20:04:47 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2010/02/07 20:04:47 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2010/02/06 01:59:41 | 001,739,086 | ---- | C] () -- C:\Users\admin\Documents\userguide_bb9000_umts.pdf
[2009/10/18 21:13:00 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/08/31 16:10:09 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/07/29 13:46:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008/08/08 22:11:51 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/08/08 22:11:51 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/08 19:30:28 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/09/14 12:08:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CiscoCAA
[2010/04/22 15:56:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Downloaded Installations
[2010/04/22 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nitro PDF
[2010/02/15 12:56:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Teleca
[2010/05/06 16:08:48 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 22:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 02:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 22:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[1999/10/02 10:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Program Files\MATLAB\R2007b\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/09/30 00:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2008/03/11 02:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Drivers\storage\R180982\iastor.sys
[2008/03/11 02:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2008/03/11 02:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2008/03/11 02:44:12 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
[2007/09/30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 22:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 22:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/11/17 08:29:10 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/02/23 02:33:44 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< End of report >

Extras in the next post

 

Extras:
OTL Extras logfile created on: 06/05/2010 6:40:35 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 140.20 Gb Free Space | 62.85% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.57 Gb Free Space | 57.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1 "
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{47DC5CC3-3806-4A8B-A668-A483F48BBEEC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BC617A1B-B8ED-4044-BE73-DCE423C5A880}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FC6D15F6-4B4D-4104-82E8-A81172CFDCBB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E5E779-3119-4288-AF42-D143379ECCFB}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{0F323B96-BB90-4E6C-80F1-203228F290DB}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{3B852F3C-9C47-44C8-A1D1-16524EEC3AFA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6B97E242-12BC-4BFB-94A4-C062DFC24603}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{6FD0E8E7-A00F-47B0-B62A-7DAAC96AF4FD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{95A9834D-1CC4-4EF5-BDC0-59C16FFCFAFC}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{C76A8C01-68FD-43B3-A30F-E96DBB072DC4}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{E8EFE889-E41D-4D9A-A209-DF5225212767}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD3126CC-1541-4591-B9B8-81C652997B7B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FD97B776-6565-417C-9FE7-E82A800CE29C}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"TCP Query User{2EE3B91D-8E4A-4646-84E5-A3F1E063A603}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{65B2A213-3508-4B14-8206-174D682668F1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{6B246170-C84C-4C2C-9202-B99D31FD39C6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{88005F61-47CD-49C9-A684-AF93D0386DE6}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{ADC1A7C0-DA39-4ADF-A800-C0FAF9D0A3CE}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{CCA6808D-EB73-46DC-9494-35A096B3C94B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{271FD288-AFE6-47A3-AE8A-7E27C2E83D8E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{3955E7F3-02F5-47CD-9C7A-0F215657B4F0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{6F05E84E-BF51-4580-8854-0C19433014A8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{90CE6530-A42C-4128-A454-709AA8E2AE05}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{B835CB50-36F0-454F-A3C6-8A6C66B1747A}C:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{C01A7A1F-3FB1-4D12-B48C-D41ABE56A741}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02548730-180A-487e-A726-A75CB6650AF7}" = D1400
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1E14CAA4-A544-11D6-80A8-006097DB005E}" = Maxwell SV Version 9.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5D17D8A0-5DA5-4F8F-8F25-3D5CDAFA1E71}" = Nitro PDF Professional
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6632ABC5-9AEE-4243-9086-FB358DB58147}" = Cisco NAC Agent
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AD501749-CD49-499A-AD54-51DC42A57434}" = PC Suite for Sony Ericsson
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{EFE673F6-688A-42ed-9C6C-9DD8CF5A9B89}" = D1400_Help
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"FXCM Trading Station" = FXCM Trading Station
"GoToAssist" = GoToAssist 8.0.0.514
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2007b" = MATLAB R2007b
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"nbi-nb-base-6.7.1.0.0" = NetBeans IDE 6.7.1
"PROR" = Microsoft Office Professional 2007
"PSpice Student" = PSpice Student 9.1
"Recuva" = Recuva
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/05/2010 5:21:06 PM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 01/05/2010 6:38:47 PM | Computer Name = admin-PC | Source = Application Hang | ID = 1002
Description = The program YouTubeDownloader.exe version 2.5.0.4 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1950 Start Time: 01cae97e10040846 Termination Time: 42

Error - 01/05/2010 7:55:51 PM | Computer Name = admin-PC | Source = VSS | ID = 8194
Description =

Error - 01/05/2010 8:11:46 PM | Computer Name = admin-PC | Source = EventSystem | ID = 4622
Description =

Error - 01/05/2010 9:32:21 PM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/05/2010 11:49:52 AM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/05/2010 3:10:02 PM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/05/2010 12:18:42 PM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 03/05/2010 6:47:39 PM | Computer Name = admin-PC | Source = WinMgmt | ID = 10
Description =

Error - 04/05/2010 1:17:02 AM | Computer Name = admin-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module SHELL32.dll, version 6.0.6002.18005, time stamp 0x49e037ec,
exception code 0xc0000005, fault offset 0x00091ce9, process id 0xcf8, application
start time 0x01caeb32153242a0.

[ Media Center Events ]
Error - 11/09/2009 10:17:48 PM | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 07/10/2009 6:56:02 PM | Computer Name = admin-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 20/04/2010 2:37:35 PM | Computer Name = admin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 47
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/05/2010 9:32:14 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 05/05/2010 9:34:47 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 05/05/2010 9:34:52 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 05/05/2010 9:34:56 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 05/05/2010 9:34:56 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 05/05/2010 9:34:56 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 05/05/2010 9:36:57 AM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 05/05/2010 10:35:38 PM | Computer Name = admin-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 05/05/2010 10:51:24 PM | Computer Name = admin-PC | Source = DCOM | ID = 10010
Description =

Error - 05/05/2010 10:51:24 PM | Computer Name = admin-PC | Source = DCOM | ID = 10010
Description =


< End of report >


Thanks alot

 

Run OTL

• Under the [color= "#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following
  
  
  Code:

  :OTL
  IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5555
  
  :Files
  C:\Users\admin\AppData\Local\dkldedmmy
  
  :Commands
  [emptytemp]
  [resethosts]
  [Reboot]

• Then click the [color= "#FF0000"]Run Fix[/color] button at the top
• Let the program run unhindered, reboot the PC when it is done.
• Post the log from the above fix.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

 

Hello there, thanks for all your help,

I would appreciate it if you can explain to me whats going on as I also would like to you this opportunity to learn more about malware and the way they work. Seems to me you have a hunch.

Btw after it ran the quick fix, and started the re-boot. It was stuck on the logging off screen for more than 30 min. I had to manually turn it off and back on again.

Here is the log after i ran the Quick Fix:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== FILES ==========
C:\Users\admin\AppData\Local\dkldedmmy folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 2027684729 bytes
->Temporary Internet Files folder emptied: 492601754 bytes
->Java cache emptied: 55846622 bytes
->Flash cache emptied: 2127776 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33227592 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 325311261 bytes

Total Files Cleaned = 2,801.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.4.1 log created on 05072010_004752

Files\Folders moved on Reboot...
File\Folder C:\Users\admin\AppData\Local\Temp\~DF56.tmp not found!
File\Folder C:\Users\admin\AppData\Local\Temp\~DF61.tmp not found!
File\Folder C:\Users\admin\AppData\Local\Temp\~DFBE.tmp not found!
File\Folder C:\Users\admin\AppData\Local\Temp\~DFC9.tmp not found!
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZWD4ZYR8\ads[5].htm moved successfully.
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZWD4ZYR8\afr[1].htm moved successfully.
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZWD4ZYR8\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DNV3E6RA\92821-active-trojan-spyware-ie-not-working[1].html moved successfully.
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C74XS7WB\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AIPRJEXX\ads[3].htm moved successfully.

Registry entries deleted on Reboot...




This is the log file after:
OTL logfile created on: 07/05/2010 1:10:12 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 141.21 Gb Free Space | 63.30% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.57 Gb Free Space | 57.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADMIN-PC
Current User Name: admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/06 16:58:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/02/05 18:29:12 | 000,454,400 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
PRC - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/09 18:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
PRC - [2009/07/17 23:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/26 07:10:06 | 000,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/06/26 07:10:00 | 000,221,273 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe
PRC - [2008/06/26 07:09:50 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe
PRC - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 16:58:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/02/05 18:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/12/16 10:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/12/16 10:09:04 | 000,188,736 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe -- (NitroDriverReadSpool)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/08 19:39:59 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/06/26 07:10:00 | 000,221,273 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\stacsv.exe -- (STacSV)
SRV - [2008/06/26 07:09:50 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe -- (AESTFilters)
SRV - [2008/04/28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/12/02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/06/12 09:38:42 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009/03/08 17:06:00 | 000,280,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/03/06 07:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2008/11/17 08:29:12 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/11/17 08:29:08 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/26 07:10:08 | 000,380,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/03/11 02:44:12 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/03/11 02:42:24 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/03/11 02:27:52 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/11 02:26:52 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/03/11 02:24:46 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/03/11 02:24:44 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/03/11 02:24:42 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/03/11 02:22:44 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/15 12:44:14 | 000,091,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrsce.sys -- (zebrsce)
DRV - [2008/01/15 12:44:12 | 000,109,568 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrmdmc.sys -- (zebrmdmc) Sony Ericsson mRouter Port (WDM)
DRV - [2008/01/15 12:44:12 | 000,109,568 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrmdm.sys -- (zebrmdm) Sony Ericsson Port (WDM)
DRV - [2008/01/15 12:44:10 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrmdfl.sys -- (zebrmdfl)
DRV - [2008/01/15 12:44:08 | 000,083,200 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zebrbus.sys -- (zebrbus)
DRV - [2008/01/15 12:44:08 | 000,063,360 | ---- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\zebrceb.sys -- (zebrceb) Sony Ericsson Cable Emulation Bus (WDM)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080809
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2010/05/07 00:54:06 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/07 00:47:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/06 16:58:26 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2010/05/06 14:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/06 13:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/05 22:36:32 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2010/05/05 22:36:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/05 22:36:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/05 22:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/05 22:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/04 23:35:35 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Econ 1BB3
[2010/05/04 23:34:40 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Econ 1B03
[2010/05/03 02:18:39 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\CUTC Pics
[2010/05/01 18:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010/05/01 17:59:47 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\English music
[2010/04/30 17:34:47 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\MUSIC
[2010/04/22 16:00:20 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Nitro PDF
[2010/04/22 15:59:30 | 000,026,432 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon.dll
[2010/04/22 15:59:30 | 000,017,728 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui.dll
[2010/04/22 15:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2010/04/22 15:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2010/04/22 15:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/04/22 15:56:30 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Downloaded Installations
[2010/04/22 10:20:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2010/04/03 22:53:46 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Sony Ericsson W960i
[2010/03/30 21:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/20 12:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Candleworks
[2010/03/11 00:12:02 | 000,000,000 | ---D | C] -- C:\Users\admin\Maxwell
[2010/03/11 00:04:32 | 000,000,000 | ---D | C] -- C:\Ansoft
[2010/03/03 18:53:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/03/03 18:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/02/22 10:57:50 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\My Scans
[2010/02/19 11:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco
[2010/02/19 11:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco
[2010/02/07 20:04:48 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\System32\THREED32.OCX
[2010/02/07 20:04:48 | 000,105,984 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bdao.dll
[2010/02/07 20:04:48 | 000,064,000 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2irdao.dll
[2010/02/07 20:04:48 | 000,054,272 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2ctdao.dll
[2010/02/07 20:04:47 | 003,572,224 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\crpe32.dll
[2010/02/07 20:04:47 | 000,416,768 | ---- | C] (Seagate Software) -- C:\Windows\System32\cpeaut32.dll
[2010/02/07 20:04:47 | 000,183,296 | ---- | C] (Seagate Software, Information Management Group, Inc.) -- C:\Windows\System32\crpaig32.dll
[2010/02/07 20:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\OrCAD_Demo
[2010/02/07 20:04:45 | 000,000,000 | ---D | C] -- C:\Windows\Crystal

========== Files - Modified Within 90 Days ==========

[2010/05/07 01:10:12 | 004,194,304 | -HS- | M] () -- C:\Users\admin\ntuser.dat
[2010/05/07 01:07:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/07 01:07:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/07 01:07:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/07 01:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/07 01:07:06 | 2136,973,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/07 00:54:06 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/05/07 00:40:37 | 000,605,072 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/07 00:40:36 | 000,700,548 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/07 00:40:36 | 000,110,354 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/06 20:31:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/05/06 20:31:40 | 000,524,288 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/06 20:31:40 | 000,065,536 | -HS- | M] () -- C:\Users\admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/06 20:31:24 | 002,234,631 | -H-- | M] () -- C:\Users\admin\AppData\Local\IconCache.db
[2010/05/06 16:58:43 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2010/05/06 14:02:21 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/05/06 14:01:47 | 000,001,356 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2010/05/06 13:48:59 | 000,002,523 | ---- | M] () -- C:\Users\admin\Desktop\HiJackThis.lnk
[2010/05/06 13:05:08 | 001,402,880 | ---- | M] () -- C:\Users\admin\Desktop\HiJackThis.msi
[2010/05/05 22:36:26 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 01:16:14 | 000,089,105 | ---- | M] () -- C:\Users\admin\Desktop\Resume-Omar Siddiqui.pdf
[2010/05/03 21:46:16 | 014,621,517 | ---- | M] () -- C:\Users\admin\Desktop\Econ 1bb3 notes.zip
[2010/05/01 18:37:17 | 020,617,414 | ---- | M] () -- C:\Users\admin\Desktop\Veronica - SONIYA
[2010/05/01 18:31:21 | 000,000,921 | ---- | M] () -- C:\Users\admin\Desktop\YouTube Downloader.lnk
[2010/05/01 18:30:46 | 003,105,415 | ---- | M] () -- C:\Users\admin\Desktop\YouTubeDownloaderSetup254.exe
[2010/05/01 18:13:48 | 001,534,080 | ---- | M] () -- C:\Users\admin\Desktop\soniyamuftibrothers.mp3
[2010/05/01 01:22:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2010/04/30 09:51:38 | 000,335,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/30 01:19:37 | 000,088,560 | ---- | M] () -- C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 13:26:29 | 000,042,496 | ---- | M] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/22 15:59:27 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Nitro PDF Professional.lnk
[2010/04/22 10:22:34 | 000,137,409 | ---- | M] () -- C:\Windows\HPHins15.dat
[2010/04/10 02:34:43 | 000,090,861 | ---- | M] () -- C:\Users\admin\Desktop\cover_Letter_Resume_Ministry of Transport.pdf
[2010/04/10 01:49:57 | 000,062,613 | ---- | M] () -- C:\Users\admin\Desktop\cover_Letter_Omar Siddiqui.pdf
[2010/04/02 22:43:30 | 000,152,548 | ---- | M] () -- C:\Users\admin\Documents\reciept.jpg
[2010/03/31 01:06:41 | 000,002,627 | ---- | M] () -- C:\Users\admin\Desktop\Microsoft Office Word 2007.lnk
[2010/03/20 21:09:32 | 000,189,853 | ---- | M] () -- C:\Users\admin\Desktop\Time Table Term 2.jpg
[2010/03/20 12:21:47 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2010/03/11 00:05:33 | 000,000,315 | ---- | M] () -- C:\Windows\win.ini
[2010/03/06 20:56:53 | 000,148,942 | ---- | M] () -- C:\Windows\hpoins19.dat
[2010/02/27 19:29:24 | 000,000,036 | ---- | M] () -- C:\Users\admin\AppData\Local\housecall.guid.cache
[2010/02/09 18:20:28 | 000,005,378 | ---- | M] () -- C:\Windows\PSPICEEV.INI
[2010/02/06 01:59:41 | 001,739,086 | ---- | M] () -- C:\Users\admin\Documents\userguide_bb9000_umts.pdf

========== Files Created - No Company Name ==========

[2010/05/06 14:02:21 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/05/06 13:13:17 | 000,002,523 | ---- | C] () -- C:\Users\admin\Desktop\HiJackThis.lnk
[2010/05/06 13:05:04 | 001,402,880 | ---- | C] () -- C:\Users\admin\Desktop\HiJackThis.msi
[2010/05/05 22:36:26 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/05 09:12:24 | 2136,973,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/03 21:46:08 | 014,621,517 | ---- | C] () -- C:\Users\admin\Desktop\Econ 1bb3 notes.zip
[2010/05/01 18:37:13 | 020,617,414 | ---- | C] () -- C:\Users\admin\Desktop\Veronica - SONIYA
[2010/05/01 18:31:21 | 000,000,921 | ---- | C] () -- C:\Users\admin\Desktop\YouTube Downloader.lnk
[2010/05/01 18:30:36 | 003,105,415 | ---- | C] () -- C:\Users\admin\Desktop\YouTubeDownloaderSetup254.exe
[2010/05/01 18:13:45 | 001,534,080 | ---- | C] () -- C:\Users\admin\Desktop\soniyamuftibrothers.mp3
[2010/04/22 15:59:27 | 000,001,912 | ---- | C] () -- C:\Users\Public\Desktop\Nitro PDF Professional.lnk
[2010/04/22 10:13:14 | 000,121,373 | ---- | C] () -- C:\Windows\HPHins15.dat.temp
[2010/04/22 10:13:13 | 000,002,885 | ---- | C] () -- C:\Windows\hphmdl15.dat.temp
[2010/04/10 02:34:43 | 000,090,861 | ---- | C] () -- C:\Users\admin\Desktop\cover_Letter_Resume_Ministry of Transport.pdf
[2010/04/10 01:49:20 | 000,062,613 | ---- | C] () -- C:\Users\admin\Desktop\cover_Letter_Omar Siddiqui.pdf
[2010/04/02 22:43:30 | 000,152,548 | ---- | C] () -- C:\Users\admin\Documents\reciept.jpg
[2010/04/02 16:51:11 | 000,089,105 | ---- | C] () -- C:\Users\admin\Desktop\Resume-Omar Siddiqui.pdf
[2010/03/20 12:21:47 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2010/02/27 19:29:24 | 000,000,036 | ---- | C] () -- C:\Users\admin\AppData\Local\housecall.guid.cache
[2010/02/07 20:04:49 | 000,005,378 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2010/02/07 20:04:47 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2010/02/07 20:04:47 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2010/02/07 20:04:47 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2010/02/07 20:04:47 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2010/02/07 20:04:47 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2010/02/07 20:04:47 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2010/02/07 20:04:47 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2010/02/07 20:04:47 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2010/02/07 20:04:47 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2010/02/07 20:04:47 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2010/02/07 20:04:47 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2010/02/07 20:04:47 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2010/02/07 20:04:47 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2010/02/07 20:04:47 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2010/02/07 20:04:47 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2010/02/07 20:04:47 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2010/02/06 01:59:41 | 001,739,086 | ---- | C] () -- C:\Users\admin\Documents\userguide_bb9000_umts.pdf
[2009/10/18 21:13:00 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/08/31 16:10:09 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/07/29 13:46:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008/08/08 22:11:51 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/08/08 22:11:51 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/08 19:30:28 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/09/14 12:08:42 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\CiscoCAA
[2010/04/22 15:56:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Downloaded Installations
[2010/04/22 16:00:20 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Nitro PDF
[2010/02/15 12:56:37 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Teleca
[2010/05/06 20:31:49 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

 

Log looks ok now. You were infected with a trojan that was able to modify your proxy settings. Those settings have now been reset.
How is the pc at the moment?

 

Thank you very much for your help.
Computer is ok. Just that the startup and shutdown are a bit slower.I will have to live with that i guess
Can I now uninstall OTC and HJT??
And any tips/programs that you recommend to prevent this happening in the future would greatly be appreciated.
Thanks once again
Regards
omee

 

We just have one more step to do to be certain you are clear.

Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on the Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

• Spyware, Adware, Dialers, and other potentially dangerous programs
  [*] Archives
  [*] Mail databases

6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

==

I would highly recommend MalwareBytesAnti-Malware. Update it each time you run it and it will catch most of the nasties getting around.

We will remove the other stuff after your scan comes back clear.

 

This is the report from Kaspersky. It found an infected file in the clonecd setup file. Since it didnt give me an offer to remove, I deleted it myself:

Friday, May 7, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, May 07, 2010 19:00:52
Records in database: 4084315


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Objects scanned 279236
Threats found 1
Infected objects found 1
Suspicious objects found 0
Scan duration 04:16:32

File name Threat Threats count
C:\Users\admin\Documents\Games-Instal\SetupCloneCD.exe Infected: not-a-virus:AdWare.Win32.CommonName.by 1

Selected area has been scanned.


What do I do now?

 

Ok. If you have deleted that entry, you just need to do the following;

Launch OTL and click on the Cleanup button. Follow the prompts.

That should remove the apps you have used here.

Let me know if there is anything else we can do. How is the pc?

 

Done and done.
Thank you very much for all your help.
PC is fine...just startup and shut down is a bit slower than before...but i can live with that.
Thanks once again

 

No worries