ilikepopcorn

  1. GMER 1.0.15.15281 - http://www.gmer.net
     Rootkit scan 2009-12-23 19:36:45
     Windows 5.1.2600 Service Pack 3
     Running: onj2zkr3.exe; Driver: C:\DOCUME~1\Dmetrius\LOCALS~1\Temp\pwldypow.sys

     ---- System - GMER 1.0.15 ----
     Code 89291218 ZwEnumerateKey
     Code 868174F8 ZwFlushInstructionCache
     Code 86A8BA4E IofCallDriver
     Code 86A8F14E IofCompleteRequest

     ---- Devices - GMER 1.0.15 ----
     Device \FileSystem\Fastfat \Fat 973EFD20
     Device \FileSystem\Fastfat \Fat 97407631
     AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

     ---- Modules - GMER 1.0.15 ----
     Module \systemroot\system32\drivers\H8SRTkyputehyiw.sys (*** hidden *** ) 989BD000-989DA000 (118784 bytes)

     ---- Services - GMER 1.0.15 ----
     Service C:\WINDOWS\system32\drivers\H8SRTkyputehyiw.sys (*** hidden *** ) [sYSTEM] H8SRTd.sys <-- ROOTKIT !!!

     ---- Registry - GMER 1.0.15 ----
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTkyputehyiw.sys
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTkyputehyiw.sys
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTsiorjbxykr.dll
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTvkbgkciqum.dat
     Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTltiqjxjkxv.dll
     Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
     Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
     Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTkyputehyiw.sys
     Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
     Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
     Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTkyputehyiw.sys
     Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTsiorjbxykr.dll
     Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTvkbgkciqum.dat
     Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTltiqjxjkxv.dll

     ---- Files - GMER 1.0.15 ----
     File C:\Documents and Settings\Dmetrius\Local Settings\Temp\H8SRT3456.tmp 343040 bytes executable
     File C:\WINDOWS\system32\drivers\H8SRTkyputehyiw.sys 40960 bytes executable <-- ROOTKIT !!!
     File C:\WINDOWS\system32\H8SRTsiorjbxykr.dll 23040 bytes executable
     File C:\WINDOWS\system32\H8SRTvkbgkciqum.dat 202 bytes

     ---- EOF - GMER 1.0.15 ----
  2. Yes, let me run that again, doesn't look like I saved that log.
  3. OTL logfile created on: 12/23/2009 10:19:10 AM - Run 1 OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Dmetrius\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free 5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.36 Gb Total Space | 44.08 Gb Free Space | 59.28% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1.92 Gb Total Space | 1.73 Gb Free Space | 90.43% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JUSTICE Current User Name: Dmetrius Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Dmetrius\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Documents and Settings\Dmetrius\Local Settings\Temp\Installer.exe () PRC - C:\Documents and Settings\Dmetrius\Local Settings\Temp\wscsvc32.exe (Microsoft Corporation) PRC - C:\Documents and Settings\Dmetrius\Local Settings\Temp\richtx64.exe (Microsoft Corporation) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) PRC - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.) PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.) PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) PRC - c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.) PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation) PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) 
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files\Intel\AMT\lms.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software ) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.) PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.) 
========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Dmetrius\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Dell\Dell ControlPoint\System Manager\dadkeyb.dll (Dell Inc.) MOD - C:\WINDOWS\system32\igfxdo.dll (Intel Corporation) MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.) MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll () MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.) SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.) SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.) SRV - (STacSV) -- c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.) 
SRV - (UNS) Intel® -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\lms.exe (Intel Corporation) SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation) SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation) SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.) SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.) SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe () SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation) SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.) 
========== Driver Services (SafeList) ========== DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation) DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys () DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.) DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation) DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation) DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) 
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation) DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation ) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) 
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1 IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE 
- HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en" FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: minimalistgmail@mattconstantine.com:1.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.1 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6 FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/28 09:35:11 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/28 09:52:34 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 16:05:06 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 16:05:06 | 00,000,000 | ---D | M] [2009/11/26 10:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Extensions [2009/11/26 10:11:02 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/12/22 19:38:50 | 00,000,000 | ---D | M] -- C:\Documents and 
Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions [2009/11/28 10:17:45 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/11/26 10:28:22 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/11/26 10:28:23 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2009/11/28 12:30:49 | 00,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c} [2009/11/29 08:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions\minimalistgmail@mattconstantine.com [2009/11/26 10:10:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/12/17 16:05:06 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/12/17 16:05:02 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/12/17 16:05:02 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/12/17 16:05:02 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2009/11/02 19:16:17 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/11/02 19:16:17 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/11/02 19:16:17 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/11/02 19:16:17 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/11/02 19:16:17 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/11/02 19:16:17 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/11/02 19:16:17 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.) O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.) 
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.) O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) O4 - HKLM..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation) O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [richtx64.exe] C:\Documents and Settings\Dmetrius\Local Settings\Temp\richtx64.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software ) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - 
NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - 
Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its 
{9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - 
Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 
- Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication 
Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 15:29:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{9ec2a414-db75-11de-8a95-0022fbc14232}\Shell - "" = AutoRun
O33 - MountPoints2\{9ec2a414-db75-11de-8a95-0022fbc14232}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9ec2a414-db75-11de-8a95-0022fbc14232}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c6849e14-da99-11de-8a92-0022fbc14232}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT
Error starting restore point: 31
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2009/12/23 10:16:42 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dmetrius\Desktop\OTL.exe
[2009/12/23 09:09:48 | 09,409,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dmetrius\Desktop\windows-kb890830-v3.2.exe
[2009/12/23 08:46:06 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/12/23 08:43:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malware Defense
[2009/12/23 08:14:03 | 00,000,000 | ---D | C] -- C:\957716cea60ea23aa49f125de3d7
[2009/12/22 21:06:29 | 01,839,496 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Dmetrius\Desktop\HousecallLauncher.exe
[2009/12/22 20:08:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Desktop\500 Days Of Summer[2009] DvDrip H.264 AAC - Westy1983
[2009/12/19 13:03:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Desktop\go baby
[2009/12/15 19:41:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Desktop\Inglourious Basterds (2009) DVDRip XviD-MAXSPEED
[2009/12/14 17:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Desktop\The Matrix Box Set BDRip H264 5.1 ch-SecretMyth (Kingdom-Release)
[2009/12/05 15:19:10 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/12/05 15:19:09 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/12/03 20:18:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Move Networks
[2009/12/01 19:33:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Yahoo
[2009/12/01 19:33:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Yahoo!
[2009/12/01 19:23:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/12/01 19:21:39 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/11/30 18:46:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/11/30 06:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2009/11/29 20:06:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009/11/29 20:04:58 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2009/11/29 20:04:48 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2 [2009/11/29 20:04:32 | 00,000,000 | ---D | C] -- C:\73ca28085708dd7f6dc13bca [2009/11/29 20:04:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF [2009/11/29 20:04:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2009/11/29 20:03:50 | 00,000,000 | ---D | C] -- C:\7f83fb5a8cba0c5390086509ad737eff [2009/11/29 19:27:18 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dmetrius\IECompatCache [2009/11/29 19:23:51 | 00,000,000 | ---D | C] -- C:\Program Files\Google [2009/11/29 08:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Apple Computer [2009/11/29 08:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Apple Computer [2009/11/29 08:29:02 | 00,000,000 | ---D | C] -- C:\Program Files\Safari [2009/11/29 08:29:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2009/11/29 08:28:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2009/11/29 08:28:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Apple [2009/11/29 08:28:46 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2009/11/29 08:28:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2009/11/28 11:18:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun [2009/11/28 10:34:21 | 00,000,000 | 
---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\WinRAR [2009/11/28 09:52:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll [2009/11/27 23:26:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\U3 [2009/11/27 16:23:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\My Documents\Version Cue [2009/11/27 16:23:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\My Documents\AdobeStockPhotos [2009/11/27 14:15:09 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent [2009/11/27 14:14:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\uTorrent [2009/11/27 14:09:24 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR [2009/11/27 10:36:46 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dmetrius\PrivacIE [2009/11/27 10:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2009/11/27 10:33:01 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour [2009/11/27 10:29:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2009/11/27 10:24:45 | 00,000,000 | ---D | C] -- C:\6b63bb1860ff77ac39d82fa2 [2009/11/27 10:19:50 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dmetrius\IETldCache [2009/11/27 06:29:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Adobe [2009/11/27 06:28:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe [2009/11/27 06:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2009/11/27 06:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe [2009/11/27 05:21:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2009/11/27 05:21:05 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2009/11/27 05:21:05 | 01,985,536 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\iertutil.dll [2009/11/27 05:21:05 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2009/11/27 05:21:05 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2009/11/27 05:20:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2009/11/27 05:20:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2009/11/27 03:00:36 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2009/11/26 12:20:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\vlc [2009/11/26 10:53:32 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2009/11/26 10:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Macromedia [2009/11/26 10:24:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\My Documents\Downloads [2009/11/26 10:17:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2009/11/26 10:10:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Mozilla [2009/11/26 10:10:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla [2009/11/26 10:10:48 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2009/11/26 10:00:38 | 00,032,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll [2009/11/26 09:59:48 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works [2009/11/26 09:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio [2009/11/26 09:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2009/11/26 09:59:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET [2009/11/26 09:58:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8 [2009/11/26 09:58:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW [2009/11/26 09:57:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application 
Data\Microsoft Help [2009/11/26 09:57:49 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2009/11/26 09:57:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2009/11/26 09:57:38 | 00,000,000 | RH-D | C] -- C:\MSOCache [2009/11/26 09:56:34 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys [2009/11/26 09:23:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DellUCM [2009/11/26 09:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Adobe [2009/11/26 09:15:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2009/11/26 08:50:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Windows Search [2009/11/26 08:46:31 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Dmetrius\Application Data\Microsoft [2009/11/26 08:46:31 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dmetrius\SendTo [2009/11/26 08:46:31 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dmetrius\Recent [2009/11/26 08:46:31 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dmetrius\Application Data [2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\Start Menu [2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\My Documents\My Videos [2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\My Documents\My Pictures [2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\My Documents\My Music [2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\My Documents [2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\Favorites [2009/11/26 08:46:31 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dmetrius\Cookies [2009/11/26 08:46:31 | 00,000,000 | -H-D | C] -- C:\Documents and 
Settings\Dmetrius\Templates [2009/11/26 08:46:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dmetrius\PrintHood [2009/11/26 08:46:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dmetrius\NetHood [2009/11/26 08:46:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dmetrius\Local Settings [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Windows Desktop Search [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Wave Systems Corp [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Wave Systems Corp [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Sun [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\PowerDVD DX [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Microsoft [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Intel [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\InstallShield [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Identities [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Identities [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Desktop [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\BVRP Software [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Broadcom [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Bluetooth Software [2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- 
C:\Documents and Settings\Dmetrius\My Documents\Bluetooth Exchange Folder
[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\ApplicationHistory
[2009/08/28 09:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2009/08/28 09:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2009/08/28 09:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
[2008/04/25 15:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/04/25 15:29:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/23 10:15:44 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\onj2zkr3.exe
[2009/12/23 10:15:28 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dmetrius\Desktop\OTL.exe
[2009/12/23 10:12:46 | 00,001,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk
[2009/12/23 10:12:46 | 00,001,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk
[2009/12/23 10:12:46 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\youporn.com.lnk
[2009/12/23 09:41:14 | 00,557,242 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/23 09:41:14 | 00,466,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/23 09:41:14 | 00,080,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/23 09:38:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/23 09:37:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\WavXMapDrive.bat
[2009/12/23 09:36:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/23 09:36:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/23 09:36:26 | 31,036,78464 | -HS- | M] () -- C:\hiberfil.sys [2009/12/23 09:13:24 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Dmetrius\NTUSER.DAT [2009/12/23 09:13:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Dmetrius\ntuser.ini [2009/12/23 09:12:58 | 05,349,212 | -H-- | M] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\IconCache.db [2009/12/23 08:11:14 | 09,409,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dmetrius\Desktop\windows-kb890830-v3.2.exe [2009/12/23 08:07:18 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\WindowsDefender.msi [2009/12/22 21:19:04 | 00,000,202 | ---- | M] () -- C:\WINDOWS\System32\srcr.dat [2009/12/22 21:06:38 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\housecall.guid.cache [2009/12/22 21:06:29 | 01,839,496 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Dmetrius\Desktop\HousecallLauncher.exe [2009/12/22 18:48:13 | 00,000,656 | ---- | M] () -- C:\WINDOWS\System32\krl32mainweq.dll [2009/12/22 18:46:41 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini [2009/12/21 22:30:28 | 00,045,626 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\img.php.png [2009/12/20 19:07:48 | 00,097,392 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\buffalo6601.jpg [2009/12/20 18:17:11 | 00,411,768 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\IMG00048-20091219-1712.jpg [2009/12/19 12:25:40 | 00,465,218 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\IMG00037-20091218-1433.jpg [2009/12/15 22:21:42 | 00,068,096 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/09 
11:32:07 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/06 14:34:11 | 01,552,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/06 13:39:22 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/29 20:07:07 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/11/29 20:07:07 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/11/29 20:04:28 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/11/29 20:04:08 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/11/29 08:29:30 | 00,056,136 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/11/28 09:52:13 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/11/26 10:53:39 | 00,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/11/26 10:10:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/11/26 10:10:49 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/11/26 08:46:22 | 00,000,579 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/11/26 08:46:21 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/11/26 08:46:21 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/11/26 08:43:03 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009/11/26 08:42:24 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/23 10:16:42 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\onj2zkr3.exe
[2009/12/23 10:12:46 | 00,001,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk
[2009/12/23 10:12:46 | 00,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk
[2009/12/23 10:12:46 | 00,001,595 | ---- | C] () -- 
C:\Documents and Settings\All Users\Desktop\youporn.com.lnk [2009/12/23 09:36:26 | 31,036,78464 | -HS- | C] () -- C:\hiberfil.sys [2009/12/23 09:09:45 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\WindowsDefender.msi [2009/12/22 21:06:38 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\housecall.guid.cache [2009/12/22 18:48:13 | 00,000,656 | ---- | C] () -- C:\WINDOWS\System32\krl32mainweq.dll [2009/12/22 18:47:11 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\srcr.dat [2009/12/22 18:46:41 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini [2009/12/21 22:30:27 | 00,045,626 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\img.php.png [2009/12/20 19:07:13 | 00,097,392 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\buffalo6601.jpg [2009/12/20 18:17:11 | 00,411,768 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\IMG00048-20091219-1712.jpg [2009/12/19 12:25:40 | 00,465,218 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\IMG00037-20091218-1433.jpg [2009/11/29 20:04:08 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf [2009/11/29 08:29:30 | 00,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/11/28 09:52:13 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf [2009/11/26 10:53:39 | 00,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk [2009/11/26 10:52:18 | 00,068,096 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/26 10:10:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/11/26 10:10:49 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/11/26 08:46:31 | 03,670,016 | -H-- | C] () -- C:\Documents and 
Settings\Dmetrius\NTUSER.DAT [2009/11/26 08:46:31 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Dmetrius\ntuser.ini [2009/11/26 08:46:31 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\setup.txt [2009/11/26 08:46:31 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\WavXMapDrive.bat [2009/11/26 08:46:21 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT [2009/11/26 08:42:24 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD [2009/08/28 12:13:58 | 00,001,156 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2009/08/28 10:05:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/08/28 09:59:51 | 00,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys [2009/08/28 09:45:18 | 00,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll [2009/08/28 09:42:55 | 00,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll [2009/04/22 08:58:30 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\DTMessageLib.dll [2009/04/10 11:01:12 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll [2009/02/26 15:54:52 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll [2009/02/26 15:54:50 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll [2009/02/26 15:54:48 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll [2009/02/26 15:54:48 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll [2009/02/26 15:54:46 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll [2009/02/26 15:54:44 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll [2009/02/26 15:54:44 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll [2009/02/26 15:54:42 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll [2009/02/26 15:54:40 | 
00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll [2009/02/26 15:54:40 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll [2009/02/26 15:54:38 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll [2009/02/26 15:54:36 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll [2009/02/26 15:54:34 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll [2009/02/26 15:54:34 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll [2009/02/26 15:54:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll [2009/02/26 15:54:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll [2009/02/26 15:54:30 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll [2009/02/26 15:54:28 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll [2009/02/26 15:54:28 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll [2009/02/26 15:54:26 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll [2009/02/26 15:54:24 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll [2009/02/26 15:54:24 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll [2009/02/26 15:54:20 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll [2009/02/26 15:54:20 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll [2009/02/17 08:51:28 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll [2009/02/17 08:51:28 | 00,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll [2009/02/17 08:51:26 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll [2009/02/17 08:51:24 | 00,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll [2009/02/17 08:51:24 | 00,520,192 | ---- | C] () -- 
C:\WINDOWS\System32\AmRes_ja.dll [2009/02/17 08:51:24 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll [2009/02/17 08:51:22 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll [2009/02/17 08:51:22 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll [2009/02/17 08:51:20 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll [2009/02/17 08:51:20 | 00,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll [2009/02/17 08:51:20 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll [2009/02/17 08:51:18 | 00,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll [2009/02/17 08:51:16 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll [2009/02/17 08:51:16 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll [2009/02/17 08:51:16 | 00,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll [2009/02/17 08:51:14 | 00,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll [2009/02/17 08:51:04 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll [2009/02/17 08:51:04 | 00,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll [2009/02/17 08:51:02 | 00,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll [2009/02/17 08:51:02 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll [2009/02/17 08:51:00 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll [2009/02/17 08:51:00 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll [2009/02/17 08:50:58 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll [2009/02/17 08:50:58 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll [2009/02/17 07:46:36 | 00,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll [2009/01/06 15:25:36 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll [2008/12/22 13:13:54 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll [2008/10/06 17:36:56 | 00,839,680 | ---- | C] () -- 
C:\WINDOWS\System32\DemoLicense.dll [2008/08/15 07:46:30 | 02,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008/04/25 15:26:32 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2008/03/25 08:46:00 | 00,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll [2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007/04/19 04:52:16 | 00,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll [2007/04/19 04:28:10 | 00,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll [2006/06/30 11:58:44 | 00,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll [2006/06/30 11:58:44 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll [2006/06/12 07:01:16 | 00,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll [2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2004/09/10 12:34:00 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll [2004/09/10 12:34:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll [2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2009/08/28 09:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T [2009/08/28 09:50:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems [2009/08/28 09:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp [2009/08/28 09:53:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Broadcom [2009/12/22 20:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application 
Data\uTorrent [2009/08/28 10:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Wave Systems Corp [2009/08/28 09:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Windows Desktop Search [2009/11/26 08:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Windows Search ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/04/14 06:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2008/04/14 06:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 06:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2009/02/11 16:26:18 | 00,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009/04/22 16:39:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\drivers\storage\R213316\IaStor.sys [2009/02/11 16:11:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/04/22 16:39:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008/04/14 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 06:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll ========== Files - 
Unicode (All) ========== [2009/12/10 16:42:03 | 00,000,000 | ---D | M](C:\Documents and Settings\Dmetrius\Desktop\
  4. I followed all of these steps, thank you. What would be the next step?