Jump to content

Malware Won't run.... not sure what DH did!


jmac
 Share

Recommended Posts

Hi...

I am not sure what is happening, but we are getting all kinds of "Security Alerts" and "Malware Defense" is trying to add. We also have some not "appropriate" icons on the desktop now.

I have tried to install Malwarebytes, but I cannot run it.

I am not sure what to do....

Please help!

(We need the pc up asap as my DH is a salesrep and has orders to place......)

Thanks!

P.S. Here is one Security Alert Center that is coming up.... Rootkit.Win32.Agent.pp... this keeps changing....

Link to post
Share on other sites

Hello jmac

Welcome to Malwarebytes. :P

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    /md5stop

    CREATERESTOREPOINT


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • Sections

  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.

Link to post
Share on other sites

Hello jmac

Welcome to Malwarebytes. :)

=====================

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    /md5stop

    CREATERESTOREPOINT


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED


  • Sections

  • IAT/EAT

  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)

  • Show All (don't miss this one)


  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.

i followed all of these steps, thank you, what would be the next step?

Link to post
Share on other sites

OTL logfile created on: 12/23/2009 10:19:10 AM - Run 1

OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Dmetrius\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.36 Gb Total Space | 44.08 Gb Free Space | 59.28% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 1.92 Gb Total Space | 1.73 Gb Free Space | 90.43% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JUSTICE

Current User Name: Dmetrius

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Dmetrius\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Documents and Settings\Dmetrius\Local Settings\Temp\Installer.exe ()

PRC - C:\Documents and Settings\Dmetrius\Local Settings\Temp\wscsvc32.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\Dmetrius\Local Settings\Temp\richtx64.exe (Microsoft Corporation)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)

PRC - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)

PRC - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)

PRC - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)

PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)

PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)

PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)

PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)

PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files\Intel\AMT\lms.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)

PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)

PRC - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)

PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)

PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)

PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Dmetrius\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Dell\Dell ControlPoint\System Manager\dadkeyb.dll (Dell Inc.)

MOD - C:\WINDOWS\system32\igfxdo.dll (Intel Corporation)

MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)

MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)

SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)

SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)

SRV - (STacSV) -- c:\drivers\audio\R213367\stacsv.exe (IDT, Inc.)

SRV - (UNS) Intel® -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel® -- C:\Program Files\Intel\AMT\lms.exe (Intel Corporation)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)

SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)

SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)

SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)

SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()

SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

========== Driver Services (SafeList) ==========

DRV - (NuidFltr) -- C:\WINDOWS\system32\drivers\nuidfltr.sys (Microsoft Corporation)

DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (WavxDMgr) -- C:\WINDOWS\system32\drivers\WavxDMgr.sys (Wave Systems Corp.)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)

DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)

DRV - (IntcHdmiAddService) Intel® -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (e1yexpress) Intel® -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation)

DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (cvusbdrv) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys (Broadcom Corporation)

DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (USBCCID) -- C:\WINDOWS\system32\drivers\usbccid.sys (Microsoft Corporation)

DRV - (PBADRV) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)

DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )

DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)

DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)

DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)

DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)

DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)

DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: minimalistgmail@mattconstantine.com:1.1

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.1

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/28 09:35:11 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/28 09:52:34 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 16:05:06 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 16:05:06 | 00,000,000 | ---D | M]

[2009/11/26 10:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Extensions

[2009/11/26 10:11:02 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/12/22 19:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions

[2009/11/28 10:17:45 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/11/26 10:28:22 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/11/26 10:28:23 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2009/11/28 12:30:49 | 00,000,000 | ---D | M] (Text-to-Image) -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}

[2009/11/29 08:35:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla\Firefox\Profiles\abpj39ff.default\extensions\minimalistgmail@mattconstantine.com

[2009/11/26 10:10:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/12/17 16:05:06 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/12/17 16:05:02 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/12/17 16:05:02 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/12/17 16:05:02 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/11/02 19:16:17 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/11/02 19:16:17 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/11/02 19:16:17 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/11/02 19:16:17 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/11/02 19:16:17 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/11/02 19:16:17 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/11/02 19:16:17 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)

O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)

O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)

O4 - HKLM..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)

O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [richtx64.exe] C:\Documents and Settings\Dmetrius\Local Settings\Temp\richtx64.exe (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/04/25 15:29:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{9ec2a414-db75-11de-8a95-0022fbc14232}\Shell - "" = AutoRun

O33 - MountPoints2\{9ec2a414-db75-11de-8a95-0022fbc14232}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{9ec2a414-db75-11de-8a95-0022fbc14232}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found

O33 - MountPoints2\{c6849e14-da99-11de-8a92-0022fbc14232}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

CREATERESTOREPOINT

Error starting restore point: 31

Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2009/12/23 10:16:42 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dmetrius\Desktop\OTL.exe

[2009/12/23 09:09:48 | 09,409,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Dmetrius\Desktop\windows-kb890830-v3.2.exe

[2009/12/23 08:46:06 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender

[2009/12/23 08:43:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malware Defense

[2009/12/23 08:14:03 | 00,000,000 | ---D | C] -- C:\957716cea60ea23aa49f125de3d7

[2009/12/22 21:06:29 | 01,839,496 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Dmetrius\Desktop\HousecallLauncher.exe

[2009/12/22 20:08:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Desktop\500 Days Of Summer[2009] DvDrip H.264 AAC - Westy1983

[2009/12/19 13:03:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Desktop\go baby

[2009/12/15 19:41:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Desktop\Inglourious Basterds (2009) DVDRip XviD-MAXSPEED

[2009/12/14 17:24:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Desktop\The Matrix Box Set BDRip H264 5.1 ch-SecretMyth (Kingdom-Release)

[2009/12/05 15:19:10 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2009/12/05 15:19:09 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

[2009/12/03 20:18:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Move Networks

[2009/12/01 19:33:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Yahoo

[2009/12/01 19:33:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Yahoo!

[2009/12/01 19:23:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!

[2009/12/01 19:21:39 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2009/11/30 18:46:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2009/11/30 06:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2009/11/29 20:06:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2009/11/29 20:04:58 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2009/11/29 20:04:48 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2

[2009/11/29 20:04:32 | 00,000,000 | ---D | C] -- C:\73ca28085708dd7f6dc13bca

[2009/11/29 20:04:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2009/11/29 20:04:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles

[2009/11/29 20:03:50 | 00,000,000 | ---D | C] -- C:\7f83fb5a8cba0c5390086509ad737eff

[2009/11/29 19:27:18 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dmetrius\IECompatCache

[2009/11/29 19:23:51 | 00,000,000 | ---D | C] -- C:\Program Files\Google

[2009/11/29 08:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Apple Computer

[2009/11/29 08:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Apple Computer

[2009/11/29 08:29:02 | 00,000,000 | ---D | C] -- C:\Program Files\Safari

[2009/11/29 08:29:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2009/11/29 08:28:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2009/11/29 08:28:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Apple

[2009/11/29 08:28:46 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2009/11/29 08:28:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple

[2009/11/28 11:18:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2009/11/28 10:34:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\WinRAR

[2009/11/28 09:52:12 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidserv.dll

[2009/11/27 23:26:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\U3

[2009/11/27 16:23:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\My Documents\Version Cue

[2009/11/27 16:23:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\My Documents\AdobeStockPhotos

[2009/11/27 14:15:09 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2009/11/27 14:14:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\uTorrent

[2009/11/27 14:09:24 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2009/11/27 10:36:46 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dmetrius\PrivacIE

[2009/11/27 10:36:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2009/11/27 10:33:01 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2009/11/27 10:29:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared

[2009/11/27 10:24:45 | 00,000,000 | ---D | C] -- C:\6b63bb1860ff77ac39d82fa2

[2009/11/27 10:19:50 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dmetrius\IETldCache

[2009/11/27 06:29:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Adobe

[2009/11/27 06:28:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/11/27 06:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2009/11/27 06:28:27 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe

[2009/11/27 05:21:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2009/11/27 05:21:05 | 11,069,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll

[2009/11/27 05:21:05 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll

[2009/11/27 05:21:05 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll

[2009/11/27 05:21:05 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll

[2009/11/27 05:20:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2009/11/27 05:20:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2009/11/27 03:00:36 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2009/11/26 12:20:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\vlc

[2009/11/26 10:53:32 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN

[2009/11/26 10:25:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Macromedia

[2009/11/26 10:24:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\My Documents\Downloads

[2009/11/26 10:17:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2009/11/26 10:10:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Mozilla

[2009/11/26 10:10:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Mozilla

[2009/11/26 10:10:48 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2009/11/26 10:00:38 | 00,032,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll

[2009/11/26 09:59:48 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2009/11/26 09:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio

[2009/11/26 09:59:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER

[2009/11/26 09:59:23 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET

[2009/11/26 09:58:19 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8

[2009/11/26 09:58:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW

[2009/11/26 09:57:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Microsoft Help

[2009/11/26 09:57:49 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office

[2009/11/26 09:57:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2009/11/26 09:57:38 | 00,000,000 | RH-D | C] -- C:\MSOCache

[2009/11/26 09:56:34 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys

[2009/11/26 09:23:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DellUCM

[2009/11/26 09:16:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Adobe

[2009/11/26 09:15:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2009/11/26 08:50:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Windows Search

[2009/11/26 08:46:31 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Dmetrius\Application Data\Microsoft

[2009/11/26 08:46:31 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dmetrius\SendTo

[2009/11/26 08:46:31 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dmetrius\Recent

[2009/11/26 08:46:31 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Dmetrius\Application Data

[2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\Start Menu

[2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\My Documents\My Videos

[2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\My Documents\My Pictures

[2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\My Documents\My Music

[2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\My Documents

[2009/11/26 08:46:31 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Dmetrius\Favorites

[2009/11/26 08:46:31 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Dmetrius\Cookies

[2009/11/26 08:46:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dmetrius\Templates

[2009/11/26 08:46:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dmetrius\PrintHood

[2009/11/26 08:46:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dmetrius\NetHood

[2009/11/26 08:46:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Dmetrius\Local Settings

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Windows Desktop Search

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Wave Systems Corp

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Wave Systems Corp

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Sun

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\PowerDVD DX

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Microsoft

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Intel

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\InstallShield

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\Identities

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Identities

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Desktop

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\BVRP Software

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Application Data\Broadcom

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Bluetooth Software

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\My Documents\Bluetooth Exchange Folder

[2009/11/26 08:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\ApplicationHistory

[2009/08/28 09:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel

[2009/08/28 09:56:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel

[2009/08/28 09:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems

[2008/04/25 15:32:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2008/04/25 15:29:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/23 10:15:44 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\onj2zkr3.exe

[2009/12/23 10:15:28 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dmetrius\Desktop\OTL.exe

[2009/12/23 10:12:46 | 00,001,603 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk

[2009/12/23 10:12:46 | 00,001,599 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk

[2009/12/23 10:12:46 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\youporn.com.lnk

[2009/12/23 09:41:14 | 00,557,242 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/23 09:41:14 | 00,466,982 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/23 09:41:14 | 00,080,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/23 09:38:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/23 09:37:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\WavXMapDrive.bat

[2009/12/23 09:36:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/23 09:36:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/23 09:36:26 | 31,036,78464 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/23 09:13:24 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\Dmetrius\NTUSER.DAT

[2009/12/23 09:13:03 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Dmetrius\ntuser.ini

[2009/12/23 09:12:58 | 05,349,212 | -H-- | M] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\IconCache.db

[2009/12/23 08:11:14 | 09,409,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dmetrius\Desktop\windows-kb890830-v3.2.exe

[2009/12/23 08:07:18 | 05,154,304 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\WindowsDefender.msi

[2009/12/22 21:19:04 | 00,000,202 | ---- | M] () -- C:\WINDOWS\System32\srcr.dat

[2009/12/22 21:06:38 | 00,000,036 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\housecall.guid.cache

[2009/12/22 21:06:29 | 01,839,496 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Dmetrius\Desktop\HousecallLauncher.exe

[2009/12/22 18:48:13 | 00,000,656 | ---- | M] () -- C:\WINDOWS\System32\krl32mainweq.dll

[2009/12/22 18:46:41 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini

[2009/12/21 22:30:28 | 00,045,626 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\img.php.png

[2009/12/20 19:07:48 | 00,097,392 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\buffalo6601.jpg

[2009/12/20 18:17:11 | 00,411,768 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\IMG00048-20091219-1712.jpg

[2009/12/19 12:25:40 | 00,465,218 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Desktop\IMG00037-20091218-1433.jpg

[2009/12/15 22:21:42 | 00,068,096 | ---- | M] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/09 11:32:07 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/12/06 14:34:11 | 01,552,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/12/06 13:39:22 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/11/29 20:07:07 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2009/11/29 20:07:07 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2009/11/29 20:04:28 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2009/11/29 20:04:08 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/11/29 08:29:30 | 00,056,136 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/11/28 09:52:13 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

[2009/11/26 10:53:39 | 00,000,721 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2009/11/26 10:10:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2009/11/26 10:10:49 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/11/26 08:46:22 | 00,000,579 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2009/11/26 08:46:21 | 00,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT

[2009/11/26 08:46:21 | 00,000,211 | RHS- | M] () -- C:\boot.ini

[2009/11/26 08:43:03 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

[2009/11/26 08:42:24 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/23 10:16:42 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\onj2zkr3.exe

[2009/12/23 10:12:46 | 00,001,603 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\pornotube.com.lnk

[2009/12/23 10:12:46 | 00,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\nudetube.com.lnk

[2009/12/23 10:12:46 | 00,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\youporn.com.lnk

[2009/12/23 09:36:26 | 31,036,78464 | -HS- | C] () -- C:\hiberfil.sys

[2009/12/23 09:09:45 | 05,154,304 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\WindowsDefender.msi

[2009/12/22 21:06:38 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\housecall.guid.cache

[2009/12/22 18:48:13 | 00,000,656 | ---- | C] () -- C:\WINDOWS\System32\krl32mainweq.dll

[2009/12/22 18:47:11 | 00,000,202 | ---- | C] () -- C:\WINDOWS\System32\srcr.dat

[2009/12/22 18:46:41 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini

[2009/12/21 22:30:27 | 00,045,626 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\img.php.png

[2009/12/20 19:07:13 | 00,097,392 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\buffalo6601.jpg

[2009/12/20 18:17:11 | 00,411,768 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\IMG00048-20091219-1712.jpg

[2009/12/19 12:25:40 | 00,465,218 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Desktop\IMG00037-20091218-1433.jpg

[2009/11/29 20:04:08 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2009/11/29 08:29:30 | 00,056,136 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/11/28 09:52:13 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

[2009/11/26 10:53:39 | 00,000,721 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

[2009/11/26 10:52:18 | 00,068,096 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/26 10:10:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/11/26 10:10:49 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/11/26 08:46:31 | 03,670,016 | -H-- | C] () -- C:\Documents and Settings\Dmetrius\NTUSER.DAT

[2009/11/26 08:46:31 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Dmetrius\ntuser.ini

[2009/11/26 08:46:31 | 00,000,051 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\setup.txt

[2009/11/26 08:46:31 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Dmetrius\Local Settings\Application Data\WavXMapDrive.bat

[2009/11/26 08:46:21 | 00,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT

[2009/11/26 08:42:24 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2009/08/28 12:13:58 | 00,001,156 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2009/08/28 10:05:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009/08/28 09:59:51 | 00,232,744 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys

[2009/08/28 09:45:18 | 00,279,888 | ---- | C] () -- C:\WINDOWS\System32\brcmbsp.dll

[2009/08/28 09:42:55 | 00,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll

[2009/04/22 08:58:30 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\DTMessageLib.dll

[2009/04/10 11:01:12 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\preflib.dll

[2009/02/26 15:54:52 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll

[2009/02/26 15:54:50 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll

[2009/02/26 15:54:48 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll

[2009/02/26 15:54:48 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll

[2009/02/26 15:54:46 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll

[2009/02/26 15:54:44 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll

[2009/02/26 15:54:44 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll

[2009/02/26 15:54:42 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll

[2009/02/26 15:54:40 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll

[2009/02/26 15:54:40 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll

[2009/02/26 15:54:38 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll

[2009/02/26 15:54:36 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll

[2009/02/26 15:54:34 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll

[2009/02/26 15:54:34 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll

[2009/02/26 15:54:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll

[2009/02/26 15:54:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll

[2009/02/26 15:54:30 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll

[2009/02/26 15:54:28 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll

[2009/02/26 15:54:28 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll

[2009/02/26 15:54:26 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll

[2009/02/26 15:54:24 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll

[2009/02/26 15:54:24 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll

[2009/02/26 15:54:20 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll

[2009/02/26 15:54:20 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll

[2009/02/17 08:51:28 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll

[2009/02/17 08:51:28 | 00,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll

[2009/02/17 08:51:26 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll

[2009/02/17 08:51:24 | 00,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll

[2009/02/17 08:51:24 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll

[2009/02/17 08:51:24 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll

[2009/02/17 08:51:22 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll

[2009/02/17 08:51:22 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll

[2009/02/17 08:51:20 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fi.dll

[2009/02/17 08:51:20 | 00,479,232 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll

[2009/02/17 08:51:20 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll

[2009/02/17 08:51:18 | 00,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll

[2009/02/17 08:51:16 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll

[2009/02/17 08:51:16 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll

[2009/02/17 08:51:16 | 00,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll

[2009/02/17 08:51:14 | 00,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll

[2009/02/17 08:51:04 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_cs.dll

[2009/02/17 08:51:04 | 00,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ar.dll

[2009/02/17 08:51:02 | 00,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_el.dll

[2009/02/17 08:51:02 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_he.dll

[2009/02/17 08:51:00 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-PT.dll

[2009/02/17 08:51:00 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\AmRes_hu.dll

[2009/02/17 08:50:58 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ro.dll

[2009/02/17 08:50:58 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_tr.dll

[2009/02/17 07:46:36 | 00,544,768 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll

[2009/01/06 15:25:36 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll

[2008/12/22 13:13:54 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll

[2008/10/06 17:36:56 | 00,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll

[2008/08/15 07:46:30 | 02,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2008/04/25 15:26:32 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2008/03/25 08:46:00 | 00,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll

[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2007/04/19 04:52:16 | 00,080,720 | ---- | C] () -- C:\WINDOWS\System32\AsfBios.dll

[2007/04/19 04:28:10 | 00,025,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\netamsg.dll

[2006/06/30 11:58:44 | 00,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll

[2006/06/30 11:58:44 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll

[2006/06/12 07:01:16 | 00,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll

[2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2004/09/10 12:34:00 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll

[2004/09/10 12:34:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/08/28 09:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T

[2009/08/28 09:50:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems

[2009/08/28 09:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp

[2009/08/28 09:53:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Broadcom

[2009/12/22 20:08:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\uTorrent

[2009/08/28 10:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Wave Systems Corp

[2009/08/28 09:33:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Windows Desktop Search

[2009/11/26 08:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dmetrius\Application Data\Windows Search

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/04/14 06:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >

[2008/04/14 06:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/14 06:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >

[2009/02/11 16:26:18 | 00,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009/04/22 16:39:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\drivers\storage\R213316\IaStor.sys

[2009/02/11 16:11:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009/04/22 16:39:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >

[2008/04/14 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >

[2008/04/14 06:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Files - Unicode (All) ==========

[2009/12/10 16:42:03 | 00,000,000 | ---D | M](C:\Documents and Settings\Dmetrius\Desktop\

Link to post
Share on other sites

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2009-12-23 19:36:45

Windows 5.1.2600 Service Pack 3

Running: onj2zkr3.exe; Driver: C:\DOCUME~1\Dmetrius\LOCALS~1\Temp\pwldypow.sys

---- System - GMER 1.0.15 ----

Code 89291218 ZwEnumerateKey

Code 868174F8 ZwFlushInstructionCache

Code 86A8BA4E IofCallDriver

Code 86A8F14E IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat 973EFD20

Device \FileSystem\Fastfat \Fat 97407631

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTkyputehyiw.sys (*** hidden *** ) 989BD000-989DA000 (118784 bytes)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\H8SRTkyputehyiw.sys (*** hidden *** ) [sYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTkyputehyiw.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTkyputehyiw.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTsiorjbxykr.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTvkbgkciqum.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTltiqjxjkxv.dll

Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1

Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1

Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTkyputehyiw.sys

Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system

Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTkyputehyiw.sys

Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTsiorjbxykr.dll

Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTvkbgkciqum.dat

Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTltiqjxjkxv.dll

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Dmetrius\Local Settings\Temp\H8SRT3456.tmp 343040 bytes executable

File C:\WINDOWS\system32\drivers\H8SRTkyputehyiw.sys 40960 bytes executable <-- ROOTKIT !!!

File C:\WINDOWS\system32\H8SRTsiorjbxykr.dll 23040 bytes executable

File C:\WINDOWS\system32\H8SRTvkbgkciqum.dat 202 bytes

---- EOF - GMER 1.0.15 ----

Link to post
Share on other sites

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capabilities to allows hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Link to post
Share on other sites

  • 3 weeks later...
Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.