loader.exe


#1 eye-mind (New Member, 2 posts)

I just found out that I have this virus running on my computer by running a little program called Assassin that looks for hostile processes. I have been having problems with my Windows 7 system applications freezing and my system restarting.

I have run multiple virus scanners against this virus and have come up dry. My last attempt this morning was with MABU to no avail. The only information I have, I have gleaned from Assassin: the title is loader.exe, process id 3652, and when I ask for identification, it tells me that it is related to the backdoor.prorat.virus looking to steal passwords and other online banking information.

Any help at all would be appreciated.

By the way, I just opened a topic regarding the WOLLF.16 Trojan, which in addition is on my machine. I do not know if these two are inter-related or if they were combined when my machine was injected. (I don't know how I originally received it/them, but I had them on my old machine and now I have them on my new machine.) I have another computer on the same network; we are connected to the internet through the same router, we cannot see each other on the network, we both use PC Tools Firewall set on "Public" mode (thinking this was the most secure approach to take to keep our systems secure from one another)... and we both are contaminated. My new machine got it as soon as it was connected to the network.

Below is my OTL report:

OTL logfile created on: 11/24/2010 5:54:17 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Delores\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.09 Gb Total Space | 415.04 Gb Free Space | 91.40% Space Free | Partition Type: NTFS
Drive D: | 11.57 Gb Total Space | 1.41 Gb Free Space | 12.19% Space Free | Partition Type: NTFS
Drive F: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 3.68 Gb Total Space | 3.33 Gb Free Space | 90.47% Space Free | Partition Type: FAT32
Drive H: | 465.11 Gb Total Space | 402.77 Gb Free Space | 86.60% Space Free | Partition Type: NTFS

Computer Name: DELORES-HP | User Name: Delores | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 05:41:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Delores\Downloads\OTL.exe
PRC - [2010/11/09 08:27:58 | 003,179,328 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/11/09 08:27:51 | 001,378,624 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/10/26 17:27:04 | 003,889,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/10/26 17:26:56 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/09/28 20:33:02 | 002,407,632 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/09/28 19:50:06 | 001,760,464 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_NetworkMon.exe
PRC - [2010/08/20 13:08:28 | 003,467,096 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
PRC - [2010/07/21 14:43:24 | 000,198,864 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2010/07/21 06:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi.exe
PRC - [2010/07/09 17:08:04 | 002,712,920 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
PRC - [2010/06/11 17:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2010/04/02 14:23:22 | 001,733,856 | ---- | M] (AnVir Software) -- C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe
PRC - [2010/02/04 14:29:18 | 000,584,704 | ---- | M] (http://kmeleon.sf.net/) -- C:\Program Files (x86)\K-Meleon\k-meleon.exe
PRC - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2010/01/12 10:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/11/20 18:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/10/09 05:50:22 | 002,420,736 | ---- | M] (Created By Michael J. Hardy) -- C:\Program Files (x86)\Ultra-Pad\Ultra-Pad.exe
PRC - [2007/04/15 11:41:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\K-Meleon\loader.exe


========== Modules (SafeList) ==========

MOD - [2010/11/24 05:41:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Delores\Downloads\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/01/04 08:32:34 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/01/04 08:32:32 | 000,502,888 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/09 08:27:58 | 003,179,328 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/10/26 17:27:04 | 003,889,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\regguard.sys -- (RegGuard)
DRV:64bit: - [2010/10/12 16:57:14 | 000,137,248 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2010/10/12 16:57:12 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/08/18 12:51:18 | 000,254,624 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/07 17:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/07/07 09:05:32 | 000,017,464 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/01/24 21:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/19 14:44:32 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2010/01/13 07:59:28 | 000,164,496 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2010/01/12 08:34:16 | 000,095,504 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2010/01/07 11:40:24 | 000,306,648 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/01/07 10:35:10 | 000,081,584 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNDIS)
DRV:64bit: - [2009/10/27 20:10:02 | 000,346,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/10/16 04:05:59 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\regguard.sys -- (RegGuard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPDSK/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...GO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.0
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.7
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.93
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}:0.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.6
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/19 02:40:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files (x86)\K-Meleon\Plugins [2010/09/29 06:48:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files (x86)\K-Meleon\Components [2010/09/29 06:48:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/09 08:36:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/09 08:36:49 | 000,000,000 | ---D | M]

[2010/09/18 11:05:37 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Extensions
[2010/11/23 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions
[2010/11/09 08:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/11/19 13:00:01 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/09/18 11:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010/09/18 11:46:45 | 000,000,000 | ---D | M] (Googlepedia) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}
[2010/09/18 11:46:45 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010/09/18 11:46:51 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/11/14 09:37:51 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/11/13 11:10:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/16 13:05:42 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/09/18 11:46:47 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/10/11 08:30:07 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/11/13 11:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/09/18 11:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/09/18 11:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/11/13 11:10:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/11 08:30:07 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/09/18 11:46:53 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/09/18 11:46:54 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010/11/19 13:00:01 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/09/18 11:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2010/11/13 11:10:12 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/09/18 11:46:45 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/13 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/13 11:10:35 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/09/26 07:20:22 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/09/18 11:46:47 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/09/18 11:46:44 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/10/19 09:48:09 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/19 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/13 11:10:50 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/13 11:10:34 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/09/18 11:46:45 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/13 11:10:29 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/13 11:10:42 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]\content\app\extension
[2010/11/19 13:18:53 | 000,001,919 | ---- | M] () -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\searchplugins\bing-zugo.xml
[2010/09/26 07:02:30 | 000,002,380 | ---- | M] () -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\searchplugins\deviantart.xml
[2010/09/26 07:03:44 | 000,002,352 | ---- | M] () -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\searchplugins\search-firefox-addons.xml
[2010/11/13 11:11:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/16 06:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/16 03:53:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/18 06:34:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\plugins\extensions
[2010/09/18 06:34:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\plugins\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/18 06:34:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\plugins\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/16 03:53:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/24 03:17:55 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [00PCTFW] C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [AnVir Task Manager Free] C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe (AnVir Software)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKCU..\Run: [Sup_NetworkMon.exe] C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_NetworkMon.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Delores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\K-Meleon Loader.lnk = C:\Program Files (x86)\K-Meleon\loader.exe ()
O4 - Startup: C:\Users\Delores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OOo-dev 3.3.lnk = C:\Program Files (x86)\OOo-dev 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{40d7ddd4-c390-11df-a21b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{40d7ddd4-c390-11df-a21b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- [2009/11/13 14:25:22 | 003,280,672 | ---- | M] (Western Digital)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 05:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010/11/24 05:11:40 | 000,000,000 | ---D | C] -- C:\rsit
[2010/11/24 05:07:28 | 000,000,000 | ---D | C] -- C:\Users\Delores\AppData\Roaming\Malwarebytes
[2010/11/24 05:07:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/24 05:07:18 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/24 05:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/24 05:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/24 03:00:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/11/24 03:00:47 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/11/24 03:00:47 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/11/24 03:00:46 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/11/20 07:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/20 07:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/20 06:50:26 | 000,000,000 | ---D | C] -- C:\Users\Delores\AppData\Roaming\BlogDesk
[2010/11/20 06:48:49 | 000,765,952 | ---- | C] (Polar) -- C:\Windows\SysWow64\PolarSpellChecker.dll
[2010/11/20 06:48:49 | 000,536,576 | ---- | C] (Softel vdm, Inc) -- C:\Windows\SysWow64\SftTree_IX86_A_45.ocx
[2010/11/20 06:48:49 | 000,276,320 | ---- | C] (Catalyst Development Corporation) -- C:\Windows\SysWow64\csftpapi.dll
[2010/11/20 06:48:49 | 000,202,576 | ---- | C] (Catalyst Development Corporation) -- C:\Windows\SysWow64\csncdapi.dll
[2010/11/20 06:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlogDesk
[2010/11/19 14:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/11/19 13:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black List Software
[2010/11/19 13:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar
[2010/11/19 13:18:08 | 000,000,000 | ---D | C] -- C:\Users\Delores\AppData\Roaming\SlimBrowser
[2010/11/18 05:10:59 | 000,000,000 | ---D | C] -- C:\Users\Delores\Documents\Celeste
[2010/11/09 08:27:09 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/11/09 08:27:09 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/11/09 08:27:09 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/11/09 08:27:05 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/11/09 08:27:05 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/11/09 08:27:05 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/11/09 08:27:04 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/11/09 08:26:59 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

========== Files - Modified Within 30 Days ==========

[2010/11/24 05:27:20 | 000,025,096 | ---- | M] () -- C:\Users\Delores\Documents\info2.rtf
[2010/11/24 05:07:23 | 000,000,995 | ---- | M] () -- C:\Users\Delores\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/24 05:02:34 | 000,339,991 | ---- | M] () -- C:\Users\Delores\Desktop\RSIT.exe
[2010/11/24 04:56:39 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/24 04:56:39 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/24 04:52:40 | 000,847,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/24 04:52:40 | 000,711,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/24 04:52:40 | 000,137,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/24 04:46:01 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2010/11/24 04:46:01 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/11/24 04:45:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 04:45:27 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/20 07:14:52 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/20 06:48:49 | 000,000,929 | ---- | M] () -- C:\Users\Delores\Application Data\Microsoft\Internet Explorer\Quick Launch\BlogDesk.lnk
[2010/11/20 06:34:32 | 000,489,937 | ---- | M] () -- C:\Users\Delores\Documents\blogdesk-help.pdf
[2010/11/19 13:37:19 | 000,002,625 | ---- | M] () -- C:\Users\Public\Desktop\Assassin SE.lnk
[2010/11/17 08:06:13 | 000,001,254 | ---- | M] () -- C:\Users\Delores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/11/14 22:00:04 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/11/12 11:18:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDelores.job
[2010/11/12 07:42:20 | 000,001,896 | ---- | M] () -- C:\Users\Delores\Desktop\Notes for Review - Shortcut.lnk
[2010/11/09 08:36:51 | 000,001,925 | ---- | M] () -- C:\Users\Delores\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/08 22:55:57 | 001,502,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/11/08 22:50:17 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/11/01 18:03:02 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/11/01 17:57:37 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/26 17:27:02 | 000,030,424 | ---- | M] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/10/26 17:26:56 | 000,019,576 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe

========== Files Created - No Company Name ==========

[2010/11/24 05:27:20 | 000,025,096 | ---- | C] () -- C:\Users\Delores\Documents\info2.rtf
[2010/11/24 05:07:23 | 000,000,995 | ---- | C] () -- C:\Users\Delores\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/24 05:03:14 | 000,339,991 | ---- | C] () -- C:\Users\Delores\Desktop\RSIT.exe
[2010/11/20 07:14:52 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/20 06:48:49 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\TidyATL.dll
[2010/11/20 06:48:49 | 000,000,929 | ---- | C] () -- C:\Users\Delores\Application Data\Microsoft\Internet Explorer\Quick Launch\BlogDesk.lnk
[2010/11/20 06:34:46 | 000,489,937 | ---- | C] () -- C:\Users\Delores\Documents\blogdesk-help.pdf
[2010/11/19 13:37:19 | 000,002,625 | ---- | C] () -- C:\Users\Public\Desktop\Assassin SE.lnk
[2010/11/12 07:42:20 | 000,001,896 | ---- | C] () -- C:\Users\Delores\Desktop\Notes for Review - Shortcut.lnk
[2010/10/10 05:02:04 | 000,800,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/22 03:00:40 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/02/09 20:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:C31F31E6
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >