
WOLLF.16 Trojan


#1 eye-mind (New Member, 2 posts)
Symptoms: Applications do not respond; Windows 7 screen turns black then "start windows normally" screen appears

I have been unsuccessful at eradicating this nasty little trojan from my system(s). I had it on my old machine and here it is on my new one. I don't know where I obtained it. My home network has one other computer. We are both connected to a router, not to each other, and we cannot see each other on the network. We both have the trojan. We both run PC Tools Firewall in "public" mode.

I (despite various contradictions) run several scanners to check for viruses and clear data cache, etc. (MABU, ASC, IOBit, WebRoot) - as some do things better than others, but *nothing* even knows what they are looking for with this one. I didn't even know what it was (or how hostile!) until I downloaded a little piece of software from www.majorgeeks.com called Assassin.

What I can determine so far is that once you locate the wininit.exe process id and kill it, the trojan attaches itself to another, *running* process! Spawning or cloning itself immediately.

It sets itself up as a server, listening on a high port number for incoming connections. If I am lucky enough to catch the process it is riding, and that process does not have authorization to access the internet, I can temporarily deny access to the 'net, but once I do that through the firewall, *all* tcp connections shut down and my browser is completely hosed.

This thing is nasty.

I'm not advanced here at all, but I did run a tool that spit out my security logs, and someone definitely used an account (I guess an existing guest account that I didn't know about... Windows 7 is new to me) and obtained full rights across the board.

Enclosed please find my OTL report. THANK YOU VERY MUCH FOR ANY HELP ANYONE CAN PROVIDE!!

OTL logfile created on: 11/24/2010 5:54:17 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Delores\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.09 Gb Total Space | 415.04 Gb Free Space | 91.40% Space Free | Partition Type: NTFS
Drive D: | 11.57 Gb Total Space | 1.41 Gb Free Space | 12.19% Space Free | Partition Type: NTFS
Drive F: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 3.68 Gb Total Space | 3.33 Gb Free Space | 90.47% Space Free | Partition Type: FAT32
Drive H: | 465.11 Gb Total Space | 402.77 Gb Free Space | 86.60% Space Free | Partition Type: NTFS

Computer Name: DELORES-HP | User Name: Delores | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 05:41:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Delores\Downloads\OTL.exe
PRC - [2010/11/09 08:27:58 | 003,179,328 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/11/09 08:27:51 | 001,378,624 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/10/26 17:27:04 | 003,889,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/10/26 17:26:56 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/09/28 20:33:02 | 002,407,632 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/09/28 19:50:06 | 001,760,464 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_NetworkMon.exe
PRC - [2010/08/20 13:08:28 | 003,467,096 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360.exe
PRC - [2010/07/21 14:43:24 | 000,198,864 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
PRC - [2010/07/21 06:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi.exe
PRC - [2010/07/09 17:08:04 | 002,712,920 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
PRC - [2010/06/11 17:14:24 | 001,280,344 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360tray.exe
PRC - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe
PRC - [2010/04/02 14:23:22 | 001,733,856 | ---- | M] (AnVir Software) -- C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe
PRC - [2010/02/04 14:29:18 | 000,584,704 | ---- | M] (http://kmeleon.sf.net/) -- C:\Program Files (x86)\K-Meleon\k-meleon.exe
PRC - [2010/01/18 12:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2010/01/12 10:41:00 | 003,168,216 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/11/20 18:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/10/09 05:50:22 | 002,420,736 | ---- | M] (Created By Michael J. Hardy) -- C:\Program Files (x86)\Ultra-Pad\Ultra-Pad.exe
PRC - [2007/04/15 11:41:00 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\K-Meleon\loader.exe


========== Modules (SafeList) ==========

MOD - [2010/11/24 05:41:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Delores\Downloads\OTL.exe
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/01/04 08:32:34 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/01/04 08:32:32 | 000,502,888 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/09 08:27:58 | 003,179,328 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/10/26 17:27:04 | 003,889,232 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/06/11 17:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2009/11/09 10:20:14 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/09/20 10:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 20:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 20:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\regguard.sys -- (RegGuard)
DRV:64bit: - [2010/10/12 16:57:14 | 000,137,248 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2010/10/12 16:57:12 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/08/18 12:51:18 | 000,254,624 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/07/21 15:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/07 17:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/07/07 09:05:32 | 000,017,464 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/01/24 21:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/01/19 14:44:32 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2010/01/13 07:59:28 | 000,164,496 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplfw64.sys -- (pctplfw)
DRV:64bit: - [2010/01/12 08:34:16 | 000,095,504 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys -- (PCTFW-PacketFilter)
DRV:64bit: - [2010/01/07 11:40:24 | 000,306,648 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/01/07 10:35:10 | 000,081,584 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctNdis64.sys -- (pctNDIS)
DRV:64bit: - [2009/10/27 20:10:02 | 000,346,472 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/10/16 04:05:59 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\regguard.sys -- (RegGuard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/...UGO&form=ZGAPHP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPDSK/1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...GO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: {EDA7B1D7-F793-4e03-B074-E6F303317FB0}:1.2.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: feedly@devhd:4.0
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.8.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.7
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.93
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}:0.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.6
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..keyword.URL: "http://www.bing.com/...form=ZGAADF&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/19 02:40:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\K-Meleon\Extensions\\Plugins: C:\Program Files (x86)\K-Meleon\Plugins [2010/09/29 06:48:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\K-Meleon\Extensions\\Components: C:\Program Files (x86)\K-Meleon\Components [2010/09/29 06:48:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/09 08:36:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/09 08:36:49 | 000,000,000 | ---D | M]

[2010/09/18 11:05:37 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Extensions
[2010/11/23 14:28:45 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions
[2010/11/09 08:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/11/19 13:00:01 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010/09/18 11:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2010/09/18 11:46:45 | 000,000,000 | ---D | M] (Googlepedia) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{1ABADB6E-DC4B-11DA-9F70-791A9CD9513E}
[2010/09/18 11:46:45 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010/09/18 11:46:51 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/11/14 09:37:51 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/11/13 11:10:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/11/16 13:05:42 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/09/18 11:46:47 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/10/11 08:30:07 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/11/13 11:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/09/18 11:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010/09/18 11:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/11/13 11:10:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/11 08:30:07 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/09/18 11:46:53 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/09/18 11:46:54 | 000,000,000 | ---D | M] (Menu Editor) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
[2010/11/19 13:00:01 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/09/18 11:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2010/11/13 11:10:12 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/09/18 11:46:45 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/13 11:10:43 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\feedly@devhd
[2010/11/13 11:10:35 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/09/26 07:20:22 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/09/18 11:46:47 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/09/18 11:46:44 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/10/19 09:48:09 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/19 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/13 11:10:50 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/13 11:10:34 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/09/18 11:46:45 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\wikilook@testpilot
[2010/11/13 11:10:29 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\[email protected]
[2010/11/13 11:10:42 | 000,000,000 | ---D | M] -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\extensions\feedly@devhd\content\app\extension
[2010/11/19 13:18:53 | 000,001,919 | ---- | M] () -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\searchplugins\bing-zugo.xml
[2010/09/26 07:02:30 | 000,002,380 | ---- | M] () -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\searchplugins\deviantart.xml
[2010/09/26 07:03:44 | 000,002,352 | ---- | M] () -- C:\Users\Delores\AppData\Roaming\Mozilla\Firefox\Profiles\on1w6dlq.default\searchplugins\search-firefox-addons.xml
[2010/11/13 11:11:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/16 06:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/16 03:53:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/18 06:34:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\plugins\extensions
[2010/09/18 06:34:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\plugins\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/18 06:34:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\plugins\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/16 03:53:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/24 03:17:55 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [00PCTFW] C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files (x86)\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Western Digital\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKCU..\Run: [AnVir Task Manager Free] C:\Program Files (x86)\AnVir Task Manager Free\AnVir.exe (AnVir Software)
O4 - HKCU..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe (IObit)
O4 - HKCU..\Run: [Sup_NetworkMon.exe] C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_NetworkMon.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Delores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\K-Meleon Loader.lnk = C:\Program Files (x86)\K-Meleon\loader.exe ()
O4 - Startup: C:\Users\Delores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OOo-dev 3.3.lnk = C:\Program Files (x86)\OOo-dev 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll (IObit)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{40d7ddd4-c390-11df-a21b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{40d7ddd4-c390-11df-a21b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- [2009/11/13 14:25:22 | 003,280,672 | ---- | M] (Western Digital)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 05:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010/11/24 05:11:40 | 000,000,000 | ---D | C] -- C:\rsit
[2010/11/24 05:07:28 | 000,000,000 | ---D | C] -- C:\Users\Delores\AppData\Roaming\Malwarebytes
[2010/11/24 05:07:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/11/24 05:07:18 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/11/24 05:07:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/11/24 05:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/24 03:00:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/11/24 03:00:47 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/11/24 03:00:47 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/11/24 03:00:46 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/11/20 07:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/11/20 07:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/11/20 06:50:26 | 000,000,000 | ---D | C] -- C:\Users\Delores\AppData\Roaming\BlogDesk
[2010/11/20 06:48:49 | 000,765,952 | ---- | C] (Polar) -- C:\Windows\SysWow64\PolarSpellChecker.dll
[2010/11/20 06:48:49 | 000,536,576 | ---- | C] (Softel vdm, Inc) -- C:\Windows\SysWow64\SftTree_IX86_A_45.ocx
[2010/11/20 06:48:49 | 000,276,320 | ---- | C] (Catalyst Development Corporation) -- C:\Windows\SysWow64\csftpapi.dll
[2010/11/20 06:48:49 | 000,202,576 | ---- | C] (Catalyst Development Corporation) -- C:\Windows\SysWow64\csncdapi.dll
[2010/11/20 06:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlogDesk
[2010/11/19 14:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010/11/19 13:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black List Software
[2010/11/19 13:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Toolbar
[2010/11/19 13:18:08 | 000,000,000 | ---D | C] -- C:\Users\Delores\AppData\Roaming\SlimBrowser
[2010/11/18 05:10:59 | 000,000,000 | ---D | C] -- C:\Users\Delores\Documents\Celeste
[2010/11/09 08:27:09 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/11/09 08:27:09 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/11/09 08:27:09 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/11/09 08:27:05 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/11/09 08:27:05 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/11/09 08:27:05 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/11/09 08:27:04 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/11/09 08:26:59 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

========== Files - Modified Within 30 Days ==========

[2010/11/24 05:27:20 | 000,025,096 | ---- | M] () -- C:\Users\Delores\Documents\info2.rtf
[2010/11/24 05:07:23 | 000,000,995 | ---- | M] () -- C:\Users\Delores\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/24 05:02:34 | 000,339,991 | ---- | M] () -- C:\Users\Delores\Desktop\RSIT.exe
[2010/11/24 04:56:39 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/24 04:56:39 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/24 04:52:40 | 000,847,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/24 04:52:40 | 000,711,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/24 04:52:40 | 000,137,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/24 04:46:01 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2010/11/24 04:46:01 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/11/24 04:45:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 04:45:27 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/20 07:14:52 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/20 06:48:49 | 000,000,929 | ---- | M] () -- C:\Users\Delores\Application Data\Microsoft\Internet Explorer\Quick Launch\BlogDesk.lnk
[2010/11/20 06:34:32 | 000,489,937 | ---- | M] () -- C:\Users\Delores\Documents\blogdesk-help.pdf
[2010/11/19 13:37:19 | 000,002,625 | ---- | M] () -- C:\Users\Public\Desktop\Assassin SE.lnk
[2010/11/17 08:06:13 | 000,001,254 | ---- | M] () -- C:\Users\Delores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2010/11/14 22:00:04 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/11/12 11:18:20 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDelores.job
[2010/11/12 07:42:20 | 000,001,896 | ---- | M] () -- C:\Users\Delores\Desktop\Notes for Review - Shortcut.lnk
[2010/11/09 08:36:51 | 000,001,925 | ---- | M] () -- C:\Users\Delores\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/08 22:55:57 | 001,502,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/11/08 22:50:17 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/11/01 18:03:02 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/11/01 17:57:37 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/10/26 17:27:02 | 000,030,424 | ---- | M] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/10/26 17:26:56 | 000,019,576 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe

========== Files Created - No Company Name ==========

[2010/11/24 05:27:20 | 000,025,096 | ---- | C] () -- C:\Users\Delores\Documents\info2.rtf
[2010/11/24 05:07:23 | 000,000,995 | ---- | C] () -- C:\Users\Delores\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/11/24 05:03:14 | 000,339,991 | ---- | C] () -- C:\Users\Delores\Desktop\RSIT.exe
[2010/11/20 07:14:52 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/11/20 06:48:49 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\TidyATL.dll
[2010/11/20 06:48:49 | 000,000,929 | ---- | C] () -- C:\Users\Delores\Application Data\Microsoft\Internet Explorer\Quick Launch\BlogDesk.lnk
[2010/11/20 06:34:46 | 000,489,937 | ---- | C] () -- C:\Users\Delores\Documents\blogdesk-help.pdf
[2010/11/19 13:37:19 | 000,002,625 | ---- | C] () -- C:\Users\Public\Desktop\Assassin SE.lnk
[2010/11/12 07:42:20 | 000,001,896 | ---- | C] () -- C:\Users\Delores\Desktop\Notes for Review - Shortcut.lnk
[2010/10/10 05:02:04 | 000,800,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/22 03:00:40 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/02/09 20:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:C31F31E6
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
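Added triage example (not part of the original post, and not code from OTL, Malwarebytes or any tool named in the thread): a small Python parser that runs over a handful of lines copied from the log above and flags the entries a responder checks first when a log like this one is posted. It verifies that the O35/O37 comfile/exefile "open" handlers still carry the Windows default `"%1" %*` (anything else means every launched .exe is routed through another program), lists O33 MountPoints2 AutoRun commands with their target and whether OTL could find the file, flags O18/O21 handlers whose CLSID or file is missing, notes whether CD-ROM AutoRun is enabled, and lists alternate data streams for manual review. The hijacked-handler line at the bottom is constructed only to show what a failed check looks like; no such line appears in this log, and the path in it is hypothetical.

```python
"""Triage helper for OTL-style log lines.

Example code added for this thread; it is not part of OTL or of the poster's
own material.  Sample input is copied from the log posted above, except for
HIJACKED_LINE, which is a constructed example with a hypothetical path.
"""
import re

# Windows default for HKCR\exefile\shell\open\command and comfile's equivalent.
EXPECTED_SHELL_OPEN = '"%1" %*'

# Matches "O35 - ...", "O35:64bit: - ..." and similar OTL section lines.
OTL_LINE = re.compile(r'^(O\d+)(:64bit:)?\s*-\s*(.*)$')

# Lines copied verbatim from the OTL log above.
SAMPLE_LOG = r'''
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{40d7ddd4-c390-11df-a21b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- [2009/11/13 14:25:22 | 003,280,672 | ---- | M] (Western Digital)
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:C31F31E6
'''

# Constructed example of a hijacked exefile handler (hypothetical path); this
# line does NOT occur in the log above and only exercises the failing branch.
HIJACKED_LINE = r'O35 - HKLM\..exefile [open] -- "C:\Users\x\AppData\Local\Temp\abc.exe" "%1" %*'


def autorun_target(line):
    """Return the command an O33 AutoRun entry would run, or None."""
    m = re.search(r'"" = (.+?) -- ', line)
    return m.group(1) if m else None


def triage(log_text):
    """Return a list of (category, line) findings for the given OTL log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("@Alternate Data Stream"):
            # OTL lists ADS separately; they need a manual look, not auto-removal.
            findings.append(("ADS", line))
            continue
        m = OTL_LINE.match(line)
        if not m:
            continue
        kind, body = m.group(1), m.group(3)
        if kind in ("O35", "O37"):
            # Text after " -- " is the registry command value.
            handler = body.split(" -- ", 1)[1].strip() if " -- " in body else ""
            if handler != EXPECTED_SHELL_OPEN:
                findings.append(("SHELL_OPEN_HIJACK", line))
        elif kind == "O33" and r"\AutoRun\command" in body:
            # Removable-media autostart: record target and whether OTL saw the file.
            tag = "AUTORUN_CMD_MISSING" if body.endswith("File not found") else "AUTORUN_CMD"
            findings.append((tag, line))
        elif kind in ("O18", "O21") and "not found" in body.lower():
            findings.append(("ORPHANED_HANDLER", line))
        elif kind == "O32" and body.endswith("AutoRun - 1"):
            findings.append(("CDROM_AUTORUN_ENABLED", line))
    return findings


if __name__ == "__main__":
    for category, line in triage(SAMPLE_LOG + HIJACKED_LINE):
        extra = autorun_target(line) if category.startswith("AUTORUN") else ""
        print(f"{category:22} {extra or line}")
```

The sample lines from this log pass the handler check (all O35/O37 values are the default), which is consistent with the poster's observation that no scanner flags a file association problem; the two O33 entries resolve to a Western Digital launcher and a missing U3 launcher on a removed drive, and the two "not found" O18/O21 entries are orphaned registrations rather than active code. Only the constructed line trips the hijack branch.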