Google Redirect Malware


This topic is locked
47 replies to this topic

#31 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 October 2010 - 11:09 PM

Let me see the report from McAfee.


gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University


#32 dpogue
  • Topic Starter

  • Members
  • 24 posts

Posted 01 November 2010 - 04:45 AM

OK, so here is the McAfee report I mentioned in my PM, but only for the month of October, because the log goes back through January. If you would like me to post earlier months, please let me know:

10/1/2010 5:52:37 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs

10/1/2010 5:52:37 PM Engine version = 5400.1158
10/1/2010 5:52:37 PM AntiVirus DAT version = 6122.0
10/1/2010 5:52:37 PM Number of detection signatures in EXTRA.DAT = None
10/1/2010 5:52:37 PM Names of detection signatures in EXTRA.DAT = None

10/2/2010 5:43:13 PM Engine version = 5400.1158
10/2/2010 5:43:13 PM AntiVirus DAT version = 6123.0
10/2/2010 5:43:13 PM Number of detection signatures in EXTRA.DAT = None
10/2/2010 5:43:13 PM Names of detection signatures in EXTRA.DAT = None
10/2/2010 5:43:18 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs
10/2/2010 5:43:18 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\ProgramData\McAfee\Common Framework\DB\Agent_RIPMABOLZI-PC.xml
10/3/2010 5:55:30 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs

10/3/2010 5:55:30 PM Engine version = 5400.1158
10/3/2010 5:55:30 PM AntiVirus DAT version = 6124.0
10/3/2010 5:55:30 PM Number of detection signatures in EXTRA.DAT = None
10/3/2010 5:55:30 PM Names of detection signatures in EXTRA.DAT = None
10/4/2010 5:50:33 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs

10/4/2010 5:50:33 PM Engine version = 5400.1158
10/4/2010 5:50:33 PM AntiVirus DAT version = 6125.0
10/4/2010 5:50:33 PM Number of detection signatures in EXTRA.DAT = None
10/4/2010 5:50:33 PM Names of detection signatures in EXTRA.DAT = None

10/5/2010 5:32:38 PM Engine version = 5400.1158
10/5/2010 5:32:38 PM AntiVirus DAT version = 6126.0
10/5/2010 5:32:38 PM Number of detection signatures in EXTRA.DAT = None
10/5/2010 5:32:38 PM Names of detection signatures in EXTRA.DAT = None
10/5/2010 5:32:38 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs
10/5/2010 5:32:43 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\ProgramData\McAfee\Common Framework\DB\Agent_RIPMABOLZI-PC.xml
10/7/2010 5:53:15 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\ProgramData\McAfee\Common Framework\DB\Agent_RIPMABOLZI-PC.xml

10/7/2010 5:53:15 PM Engine version = 5400.1158
10/7/2010 5:53:15 PM AntiVirus DAT version = 6128.0
10/7/2010 5:53:15 PM Number of detection signatures in EXTRA.DAT = None
10/7/2010 5:53:15 PM Names of detection signatures in EXTRA.DAT = None
10/7/2010 5:53:19 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\ProgramData\SupportSoft\DellSupportCenter\SYSTEM\data\manifest.xml
10/7/2010 5:53:19 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs
10/8/2010 7:53:54 PM Not scanned (scan timed out) NT AUTHORITY\NETWORK SERVICE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\wbem\Logs\FrameWork.log

10/8/2010 7:53:54 PM Engine version = 5400.1158
10/8/2010 7:53:54 PM AntiVirus DAT version = 6129.0
10/8/2010 7:53:54 PM Number of detection signatures in EXTRA.DAT = None
10/8/2010 7:53:54 PM Names of detection signatures in EXTRA.DAT = None
10/8/2010 7:53:57 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Windows\system32\wbem\wmiprvse.exe I:\Support\Redist\Microsoft WSE 3.0 Runtime.msi
10/8/2010 7:53:57 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\BOCVSE__1000\BocDet_VSE.McS
10/9/2010 12:27:08 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\ProgramData\McAfee\Common Framework\DB\Agent_RIPMABOLZI-PC.xml

10/9/2010 12:27:08 PM Engine version = 5400.1158
10/9/2010 12:27:08 PM AntiVirus DAT version = 6130.0
10/9/2010 12:27:08 PM Number of detection signatures in EXTRA.DAT = None
10/9/2010 12:27:08 PM Names of detection signatures in EXTRA.DAT = None
10/9/2010 12:27:08 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Windows\system32\SearchProtocolHost.exe C:\Users\Rip Mabolzi\Desktop\Mother McCree's Uptown Jug Champions\06 Big Fat Woman.mp3
10/9/2010 12:27:08 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs
10/10/2010 5:17:27 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\Windows\Temp\Cbmgr24047

10/10/2010 5:17:27 PM Engine version = 5400.1158
10/10/2010 5:17:27 PM AntiVirus DAT version = 6131.0
10/10/2010 5:17:27 PM Number of detection signatures in EXTRA.DAT = None
10/10/2010 5:17:27 PM Names of detection signatures in EXTRA.DAT = None
10/10/2010 5:17:31 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Windows\System32\svchost.exe C:\Windows\Prefetch\SKYPENAMES2.EXE-59372FBA.pf
10/11/2010 5:08:31 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs

10/11/2010 5:08:31 PM Engine version = 5400.1158
10/11/2010 5:08:31 PM AntiVirus DAT version = 6132.0
10/11/2010 5:08:31 PM Number of detection signatures in EXTRA.DAT = None
10/11/2010 5:08:31 PM Names of detection signatures in EXTRA.DAT = None
10/12/2010 4:19:20 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\rip_mabolzi@atdmt[1].txt\00000000.ie Cookie-Atdmt (Potentially Unwanted Program)
10/12/2010 5:03:34 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs

10/12/2010 5:03:34 PM Engine version = 5400.1158
10/12/2010 5:03:34 PM AntiVirus DAT version = 6133.0
10/12/2010 5:03:34 PM Number of detection signatures in EXTRA.DAT = None
10/12/2010 5:03:34 PM Names of detection signatures in EXTRA.DAT = None
10/12/2010 5:03:36 PM Not scanned (scan timed out) RipMabolzi-PC\Rip Mabolzi C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Rip Mabolzi\AppData\Roaming\Mozilla\Firefox\Profiles\hwkzx3ai.default\sessionstore-2.js

10/12/2010 10:23:17 PM Statistics:
10/12/2010 10:23:17 PM Files scanned: 383176
10/12/2010 10:23:17 PM Files detected: 1
10/12/2010 10:23:17 PM Files cleaned: 0
10/12/2010 10:23:17 PM Files deleted: 1

10/12/2010 10:25:03 PM Engine version = 5400.1158
10/12/2010 10:25:03 PM AntiVirus DAT version = 6133.0
10/12/2010 10:25:03 PM Number of detection signatures in EXTRA.DAT = None
10/12/2010 10:25:03 PM Names of detection signatures in EXTRA.DAT = None

10/12/2010 11:16:27 PM Engine version = 5400.1158
10/12/2010 11:16:27 PM AntiVirus DAT version = 6133.0
10/12/2010 11:16:27 PM Number of detection signatures in EXTRA.DAT = None
10/12/2010 11:16:27 PM Names of detection signatures in EXTRA.DAT = None
10/13/2010 5:03:30 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\ProgramData\McAfee\Common Framework\DB\Agent_RIPMABOLZI-PC.xml

10/13/2010 5:03:30 PM Engine version = 5400.1158
10/13/2010 5:03:30 PM AntiVirus DAT version = 6134.0
10/13/2010 5:03:30 PM Number of detection signatures in EXTRA.DAT = None
10/13/2010 5:03:30 PM Names of detection signatures in EXTRA.DAT = None
10/13/2010 5:03:30 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs

10/14/2010 3:30:36 AM Statistics:
10/14/2010 3:30:36 AM Files scanned: 43417
10/14/2010 3:30:36 AM Files detected: 0
10/14/2010 3:30:36 AM Files cleaned: 0
10/14/2010 3:30:36 AM Files deleted: 0

10/14/2010 3:32:57 AM Engine version = 5400.1158
10/14/2010 3:32:57 AM AntiVirus DAT version = 6134.0
10/14/2010 3:32:57 AM Number of detection signatures in EXTRA.DAT = None
10/14/2010 3:32:57 AM Names of detection signatures in EXTRA.DAT = None

10/14/2010 1:49:39 PM Statistics:
10/14/2010 1:49:39 PM Files scanned: 8838
10/14/2010 1:49:39 PM Files detected: 0
10/14/2010 1:49:39 PM Files cleaned: 0
10/14/2010 1:49:39 PM Files deleted: 0

10/14/2010 1:50:56 PM Engine version = 5400.1158
10/14/2010 1:50:56 PM AntiVirus DAT version = 6134.0
10/14/2010 1:50:56 PM Number of detection signatures in EXTRA.DAT = None
10/14/2010 1:50:56 PM Names of detection signatures in EXTRA.DAT = None

10/14/2010 5:22:32 PM Statistics:
10/14/2010 5:22:32 PM Files scanned: 5270
10/14/2010 5:22:32 PM Files detected: 0
10/14/2010 5:22:32 PM Files cleaned: 0
10/14/2010 5:22:32 PM Files deleted: 0

10/14/2010 5:22:58 PM Engine version = 5400.1158
10/14/2010 5:22:58 PM AntiVirus DAT version = 6135.0
10/14/2010 5:22:58 PM Number of detection signatures in EXTRA.DAT = None
10/14/2010 5:22:58 PM Names of detection signatures in EXTRA.DAT = None

10/15/2010 12:35:19 PM Engine version = 5400.1158
10/15/2010 12:35:19 PM AntiVirus DAT version = 6136.0
10/15/2010 12:35:19 PM Number of detection signatures in EXTRA.DAT = None
10/15/2010 12:35:19 PM Names of detection signatures in EXTRA.DAT = None

10/16/2010 1:22:19 PM Engine version = 5400.1158
10/16/2010 1:22:19 PM AntiVirus DAT version = 6137.0
10/16/2010 1:22:19 PM Number of detection signatures in EXTRA.DAT = None
10/16/2010 1:22:19 PM Names of detection signatures in EXTRA.DAT = None

10/17/2010 6:50:14 PM Statistics:
10/17/2010 6:50:14 PM Files scanned: 214632
10/17/2010 6:50:14 PM Files detected: 0
10/17/2010 6:50:14 PM Files cleaned: 0
10/17/2010 6:50:14 PM Files deleted: 0

10/17/2010 6:56:11 PM Engine version = 5400.1158
10/17/2010 6:56:11 PM AntiVirus DAT version = 6137.0
10/17/2010 6:56:11 PM Number of detection signatures in EXTRA.DAT = None
10/17/2010 6:56:11 PM Names of detection signatures in EXTRA.DAT = None
10/17/2010 7:02:32 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\ProgramData\McAfee\Common Framework\DB\Agent_RIPMABOLZI-PC.xml

10/17/2010 7:02:32 PM Engine version = 5400.1158
10/17/2010 7:02:32 PM AntiVirus DAT version = 6138.0
10/17/2010 7:02:32 PM Number of detection signatures in EXTRA.DAT = None
10/17/2010 7:02:32 PM Names of detection signatures in EXTRA.DAT = None
10/17/2010 7:02:39 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe C:\ProgramData\McAfee\Common Framework\AgentEvents\2010101719021558400000A48.xml
10/17/2010 7:02:39 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Windows\system32\SearchProtocolHost.exe C:\Users\Rip Mabolzi\Documents\Documents\Dell WebCam Central\Video Recording\20100422\050019.wmv
10/17/2010 7:02:40 PM Not scanned (scan timed out) NT AUTHORITY\NETWORK SERVICE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\inf\volume.inf
10/17/2010 7:02:40 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs

10/17/2010 8:11:35 PM Statistics:
10/17/2010 8:11:35 PM Files scanned: 28909
10/17/2010 8:11:35 PM Files detected: 0
10/17/2010 8:11:35 PM Files cleaned: 0
10/17/2010 8:11:35 PM Files deleted: 0

10/17/2010 8:18:26 PM Engine version = 5400.1158
10/17/2010 8:18:26 PM AntiVirus DAT version = 6138.0
10/17/2010 8:18:26 PM Number of detection signatures in EXTRA.DAT = None
10/17/2010 8:18:26 PM Names of detection signatures in EXTRA.DAT = None

10/18/2010 5:25:09 PM Engine version = 5400.1158
10/18/2010 5:25:09 PM AntiVirus DAT version = 6139.0
10/18/2010 5:25:09 PM Number of detection signatures in EXTRA.DAT = None
10/18/2010 5:25:09 PM Names of detection signatures in EXTRA.DAT = None

10/19/2010 5:18:04 PM Engine version = 5400.1158
10/19/2010 5:18:04 PM AntiVirus DAT version = 6140.0
10/19/2010 5:18:04 PM Number of detection signatures in EXTRA.DAT = None
10/19/2010 5:18:04 PM Names of detection signatures in EXTRA.DAT = None
10/19/2010 10:14:45 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@atdmt[2].txt\00000000.ie Cookie-Atdmt (Potentially Unwanted Program)
10/19/2010 10:14:46 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@tribalfusion[2].txt\00000000.ie Cookie-Tribalfusion (Potentially Unwanted Program)
10/19/2010 10:15:37 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@atdmt[1].txt\00000000.ie Cookie-Atdmt (Potentially Unwanted Program)
10/19/2010 10:15:37 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@tribalfusion[1].txt\00000000.ie Cookie-Tribalfusion (Potentially Unwanted Program)
10/19/2010 10:15:38 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@casalemedia[2].txt\00000000.ie Cookie-Casalemedia (Potentially Unwanted Program)

10/19/2010 10:17:02 PM Statistics:
10/19/2010 10:17:02 PM Files scanned: 225710
10/19/2010 10:17:02 PM Files detected: 12
10/19/2010 10:17:02 PM Files cleaned: 0
10/19/2010 10:17:02 PM Files deleted: 12

10/19/2010 10:18:04 PM Engine version = 5400.1158
10/19/2010 10:18:04 PM AntiVirus DAT version = 6140.0
10/19/2010 10:18:04 PM Number of detection signatures in EXTRA.DAT = None
10/19/2010 10:18:04 PM Names of detection signatures in EXTRA.DAT = None
10/20/2010 5:28:02 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\ProgramData\McAfee\Common Framework\Current\EXTRADAT1000\extradat.mcs

10/20/2010 5:28:02 PM Engine version = 5400.1158
10/20/2010 5:28:02 PM AntiVirus DAT version = 6141.0
10/20/2010 5:28:02 PM Number of detection signatures in EXTRA.DAT = None
10/20/2010 5:28:02 PM Names of detection signatures in EXTRA.DAT = None

10/21/2010 5:58:58 PM Engine version = 5400.1158
10/21/2010 5:58:58 PM AntiVirus DAT version = 6142.0
10/21/2010 5:58:58 PM Number of detection signatures in EXTRA.DAT = None
10/21/2010 5:58:58 PM Names of detection signatures in EXTRA.DAT = None

10/22/2010 5:39:35 PM Engine version = 5400.1158
10/22/2010 5:39:35 PM AntiVirus DAT version = 6143.0
10/22/2010 5:39:35 PM Number of detection signatures in EXTRA.DAT = None
10/22/2010 5:39:35 PM Names of detection signatures in EXTRA.DAT = None

10/22/2010 9:00:08 PM Statistics:
10/22/2010 9:00:08 PM Files scanned: 59569
10/22/2010 9:00:08 PM Files detected: 0
10/22/2010 9:00:08 PM Files cleaned: 0
10/22/2010 9:00:08 PM Files deleted: 0

10/22/2010 9:01:19 PM Engine version = 5400.1158
10/22/2010 9:01:19 PM AntiVirus DAT version = 6143.0
10/22/2010 9:01:19 PM Number of detection signatures in EXTRA.DAT = None
10/22/2010 9:01:19 PM Names of detection signatures in EXTRA.DAT = None

10/23/2010 2:48:19 PM Engine version = 5400.1158
10/23/2010 2:48:19 PM AntiVirus DAT version = 6143.0
10/23/2010 2:48:19 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 2:48:19 PM Names of detection signatures in EXTRA.DAT = None

10/23/2010 2:52:58 PM Engine version = 5400.1158
10/23/2010 2:52:58 PM AntiVirus DAT version = 6143.0
10/23/2010 2:52:58 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 2:52:58 PM Names of detection signatures in EXTRA.DAT = None

10/23/2010 3:17:56 PM Engine version = 5400.1158
10/23/2010 3:17:56 PM AntiVirus DAT version = 6143.0
10/23/2010 3:17:56 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 3:17:56 PM Names of detection signatures in EXTRA.DAT = None

10/23/2010 5:11:27 PM Statistics:
10/23/2010 5:11:27 PM Files scanned: 34567
10/23/2010 5:11:27 PM Files detected: 0
10/23/2010 5:11:27 PM Files cleaned: 0
10/23/2010 5:11:27 PM Files deleted: 0

10/23/2010 5:11:38 PM Engine version = 5400.1158
10/23/2010 5:11:38 PM AntiVirus DAT version = 6144.0
10/23/2010 5:11:38 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 5:11:38 PM Names of detection signatures in EXTRA.DAT = None

10/23/2010 6:12:00 PM Engine version = 5400.1158
10/23/2010 6:12:00 PM AntiVirus DAT version = 6144.0
10/23/2010 6:12:00 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 6:12:00 PM Names of detection signatures in EXTRA.DAT = None

10/23/2010 6:41:01 PM Statistics:
10/23/2010 6:41:01 PM Files scanned: 5022
10/23/2010 6:41:01 PM Files detected: 0
10/23/2010 6:41:01 PM Files cleaned: 0
10/23/2010 6:41:01 PM Files deleted: 0

10/23/2010 6:42:04 PM Engine version = 5400.1158
10/23/2010 6:42:04 PM AntiVirus DAT version = 6144.0
10/23/2010 6:42:04 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 6:42:04 PM Names of detection signatures in EXTRA.DAT = None
10/23/2010 7:02:45 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@doubleclick[1].txt\00000000.ie Cookie-Doubleclick (Potentially Unwanted Program)
10/23/2010 7:02:48 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@2o7[2].txt\00000000.ie Cookie-2O7 (Potentially Unwanted Program)
10/23/2010 7:02:49 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@imrworldwide[2].txt\00000000.ie Cookie-Imrworldwide (Potentially Unwanted Program)
10/23/2010 7:02:54 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@2o7[1].txt\00000000.ie Cookie-2O7 (Potentially Unwanted Program)

10/23/2010 8:57:03 PM Engine version = 5400.1158
10/23/2010 8:57:03 PM AntiVirus DAT version = 6144.0
10/23/2010 8:57:03 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 8:57:03 PM Names of detection signatures in EXTRA.DAT = None

10/23/2010 8:57:37 PM Engine version = 5400.1158
10/23/2010 8:57:37 PM AntiVirus DAT version = 6144.0
10/23/2010 8:57:37 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 8:57:37 PM Names of detection signatures in EXTRA.DAT = None
10/23/2010 9:01:12 PM Deleted (Clean failed because the detection isn't cleanable) RipMabolzi-PC\Rip Mabolzi C:\ComboFix\CF8388.cfxxe C:\Users\RIPMAB~1\AppData\Local\Temp\Av-test.txt EICAR test file (Test)

10/23/2010 9:09:15 PM Statistics:
10/23/2010 9:09:15 PM Files scanned: 23097
10/23/2010 9:09:15 PM Files detected: 6
10/23/2010 9:09:15 PM Files cleaned: 0
10/23/2010 9:09:15 PM Files deleted: 6

10/23/2010 9:10:29 PM Engine version = 5400.1158
10/23/2010 9:10:29 PM AntiVirus DAT version = 6144.0
10/23/2010 9:10:29 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 9:10:29 PM Names of detection signatures in EXTRA.DAT = None

10/23/2010 9:17:23 PM Engine version = 5400.1158
10/23/2010 9:17:23 PM AntiVirus DAT version = 6144.0
10/23/2010 9:17:23 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 9:17:23 PM Names of detection signatures in EXTRA.DAT = None

10/23/2010 9:34:04 PM Statistics:
10/23/2010 9:34:04 PM Files scanned: 6972
10/23/2010 9:34:04 PM Files detected: 0
10/23/2010 9:34:04 PM Files cleaned: 0
10/23/2010 9:34:04 PM Files deleted: 0

10/23/2010 9:35:09 PM Engine version = 5400.1158
10/23/2010 9:35:09 PM AntiVirus DAT version = 6144.0
10/23/2010 9:35:09 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 9:35:09 PM Names of detection signatures in EXTRA.DAT = None

10/23/2010 9:49:49 PM Engine version = 5400.1158
10/23/2010 9:49:49 PM AntiVirus DAT version = 6144.0
10/23/2010 9:49:49 PM Number of detection signatures in EXTRA.DAT = None
10/23/2010 9:49:49 PM Names of detection signatures in EXTRA.DAT = None
10/24/2010 1:31:17 AM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\rip_mabolzi@atdmt[1].txt\00000000.ie Cookie-Atdmt (Potentially Unwanted Program)

10/24/2010 2:45:46 PM Statistics:
10/24/2010 2:45:46 PM Files scanned: 28280
10/24/2010 2:45:46 PM Files detected: 1
10/24/2010 2:45:46 PM Files cleaned: 0
10/24/2010 2:45:46 PM Files deleted: 1

10/24/2010 2:47:02 PM Engine version = 5400.1158
10/24/2010 2:47:02 PM AntiVirus DAT version = 6144.0
10/24/2010 2:47:02 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 2:47:02 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 3:16:56 PM Engine version = 5400.1158
10/24/2010 3:16:56 PM AntiVirus DAT version = 6144.0
10/24/2010 3:16:56 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 3:16:56 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 3:31:39 PM Statistics:
10/24/2010 3:31:39 PM Files scanned: 7244
10/24/2010 3:31:39 PM Files detected: 0
10/24/2010 3:31:39 PM Files cleaned: 0
10/24/2010 3:31:39 PM Files deleted: 0

10/24/2010 3:32:35 PM Engine version = 5400.1158
10/24/2010 3:32:35 PM AntiVirus DAT version = 6144.0
10/24/2010 3:32:35 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 3:32:35 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 5:15:49 PM Statistics:
10/24/2010 5:15:49 PM Files scanned: 14159
10/24/2010 5:15:49 PM Files detected: 0
10/24/2010 5:15:49 PM Files cleaned: 0
10/24/2010 5:15:49 PM Files deleted: 0

10/24/2010 5:16:44 PM Engine version = 5400.1158
10/24/2010 5:16:44 PM AntiVirus DAT version = 6144.0
10/24/2010 5:16:44 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 5:16:44 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 5:20:08 PM Engine version = 5400.1158
10/24/2010 5:20:08 PM AntiVirus DAT version = 6145.0
10/24/2010 5:20:08 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 5:20:08 PM Names of detection signatures in EXTRA.DAT = None
10/24/2010 8:27:17 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@doubleclick[1].txt\00000000.ie Cookie-Doubleclick (Potentially Unwanted Program)
10/24/2010 8:27:58 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\rip_mabolzi@atdmt[1].txt\00000000.ie Cookie-Atdmt (Potentially Unwanted Program)
10/24/2010 8:28:33 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\rip_mabolzi@ehg-eset.hitbox[1].txt\00000000.ie Cookie-Hitbox (Potentially Unwanted Program)
10/24/2010 8:28:33 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\rip_mabolzi@hitbox[2].txt\00000000.ie Cookie-Hitbox (Potentially Unwanted Program)
10/24/2010 8:28:34 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\rip_mabolzi@eset.122.2o7[1].txt\00000000.ie Cookie-2O7 (Potentially Unwanted Program)

10/24/2010 8:31:46 PM Engine version = 5400.1158
10/24/2010 8:31:46 PM AntiVirus DAT version = 6145.0
10/24/2010 8:31:46 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 8:31:46 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 8:46:59 PM Engine version = 5400.1158
10/24/2010 8:46:59 PM AntiVirus DAT version = 6145.0
10/24/2010 8:46:59 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 8:46:59 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 9:02:14 PM Engine version = 5400.1158
10/24/2010 9:02:14 PM AntiVirus DAT version = 6145.0
10/24/2010 9:02:14 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 9:02:14 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 9:03:04 PM Engine version = 5400.1158
10/24/2010 9:03:04 PM AntiVirus DAT version = 6145.0
10/24/2010 9:03:04 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 9:03:04 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 9:17:45 PM Engine version = 5400.1158
10/24/2010 9:17:45 PM AntiVirus DAT version = 6145.0
10/24/2010 9:17:45 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 9:17:45 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 9:33:12 PM Engine version = 5400.1158
10/24/2010 9:33:12 PM AntiVirus DAT version = 6145.0
10/24/2010 9:33:12 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 9:33:12 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 9:48:25 PM Engine version = 5400.1158
10/24/2010 9:48:25 PM AntiVirus DAT version = 6145.0
10/24/2010 9:48:25 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 9:48:25 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 10:03:42 PM Engine version = 5400.1158
10/24/2010 10:03:42 PM AntiVirus DAT version = 6145.0
10/24/2010 10:03:42 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 10:03:42 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 10:18:59 PM Engine version = 5400.1158
10/24/2010 10:18:59 PM AntiVirus DAT version = 6145.0
10/24/2010 10:18:59 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 10:18:59 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 10:34:05 PM Engine version = 5400.1158
10/24/2010 10:34:05 PM AntiVirus DAT version = 6145.0
10/24/2010 10:34:05 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 10:34:05 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 10:49:26 PM Engine version = 5400.1158
10/24/2010 10:49:26 PM AntiVirus DAT version = 6145.0
10/24/2010 10:49:26 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 10:49:26 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 11:04:54 PM Engine version = 5400.1158
10/24/2010 11:04:54 PM AntiVirus DAT version = 6145.0
10/24/2010 11:04:54 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 11:04:54 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 11:20:33 PM Engine version = 5400.1158
10/24/2010 11:20:33 PM AntiVirus DAT version = 6145.0
10/24/2010 11:20:33 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 11:20:33 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 11:36:06 PM Engine version = 5400.1158
10/24/2010 11:36:06 PM AntiVirus DAT version = 6145.0
10/24/2010 11:36:06 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 11:36:06 PM Names of detection signatures in EXTRA.DAT = None

10/24/2010 11:45:26 PM Engine version = 5400.1158
10/24/2010 11:45:26 PM AntiVirus DAT version = 6145.0
10/24/2010 11:45:26 PM Number of detection signatures in EXTRA.DAT = None
10/24/2010 11:45:26 PM Names of detection signatures in EXTRA.DAT = None

10/25/2010 2:25:28 PM Engine version = 5400.1158
10/25/2010 2:25:28 PM AntiVirus DAT version = 6145.0
10/25/2010 2:25:28 PM Number of detection signatures in EXTRA.DAT = None
10/25/2010 2:25:28 PM Names of detection signatures in EXTRA.DAT = None

10/26/2010 4:26:31 PM Engine version = 5400.1158
10/26/2010 4:26:31 PM AntiVirus DAT version = 6147.0
10/26/2010 4:26:31 PM Number of detection signatures in EXTRA.DAT = None
10/26/2010 4:26:31 PM Names of detection signatures in EXTRA.DAT = None
10/26/2010 7:44:56 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@atdmt[1].txt\00000000.ie Cookie-Atdmt (Potentially Unwanted Program)
10/26/2010 7:45:01 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@msnservices.112.2o7[1].txt\00000000.ie Cookie-2O7 (Potentially Unwanted Program)
10/26/2010 7:45:18 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@msnportal.112.2o7[1].txt\00000000.ie Cookie-Omniture (Potentially Unwanted Program)
10/26/2010 7:45:18 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@2o7[2].txt\00000000.ie Cookie-2O7 (Potentially Unwanted Program)
10/26/2010 7:45:35 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@2o7[1].txt\00000000.ie Cookie-2O7 (Potentially Unwanted Program)
10/26/2010 7:51:34 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@doubleclick[1].txt\00000000.ie Cookie-Doubleclick (Potentially Unwanted Program)

10/27/2010 11:17:26 AM Statistics:
10/27/2010 11:17:26 AM Files scanned: 188574
10/27/2010 11:17:26 AM Files detected: 13
10/27/2010 11:17:26 AM Files cleaned: 0
10/27/2010 11:17:26 AM Files deleted: 13

10/27/2010 11:18:44 AM Engine version = 5400.1158
10/27/2010 11:18:44 AM AntiVirus DAT version = 6147.0
10/27/2010 11:18:44 AM Number of detection signatures in EXTRA.DAT = None
10/27/2010 11:18:44 AM Names of detection signatures in EXTRA.DAT = None

10/27/2010 5:13:00 PM Engine version = 5400.1158
10/27/2010 5:13:00 PM AntiVirus DAT version = 6148.0
10/27/2010 5:13:00 PM Number of detection signatures in EXTRA.DAT = None
10/27/2010 5:13:00 PM Names of detection signatures in EXTRA.DAT = None

10/28/2010 5:58:15 PM Engine version = 5400.1158
10/28/2010 5:58:15 PM AntiVirus DAT version = 6149.0
10/28/2010 5:58:15 PM Number of detection signatures in EXTRA.DAT = None
10/28/2010 5:58:15 PM Names of detection signatures in EXTRA.DAT = None
10/28/2010 8:37:22 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@ad.yieldmanager[2].txt\00000000.ie Cookie-Yieldmanager (Potentially Unwanted Program)
10/28/2010 8:37:22 PM Not scanned (The file is encrypted) RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@ad.yieldmanager[2].txt\00000000.ie
10/28/2010 8:37:22 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@ad.yieldmanager[2].txt\00000000.ie Cookie-Yieldmanager (Potentially Unwanted Program)
10/28/2010 8:37:22 PM Not scanned (The file is encrypted) RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@ad.yieldmanager[2].txt\00000000.ie
10/28/2010 8:37:22 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@ad.yieldmanager[2].txt\00000000.ie Cookie-Yieldmanager (Potentially Unwanted Program)
10/28/2010 8:37:22 PM Not scanned (The file is encrypted) RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@ad.yieldmanager[2].txt\00000000.ie

10/29/2010 5:57:15 PM Engine version = 5400.1158
10/29/2010 5:57:15 PM AntiVirus DAT version = 6150.0
10/29/2010 5:57:15 PM Number of detection signatures in EXTRA.DAT = None
10/29/2010 5:57:15 PM Names of detection signatures in EXTRA.DAT = None
10/29/2010 7:00:23 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@trafficmp[2].txt\00000000.ie Cookie-Trafficmp (Potentially Unwanted Program)
10/29/2010 7:00:23 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@imrworldwide[2].txt\00000000.ie Cookie-Imrworldwide (Potentially Unwanted Program)
10/29/2010 7:00:23 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@trafficmp[2].txt\00000000.ie Cookie-Trafficmp (Potentially Unwanted Program)
10/29/2010 7:00:23 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@doubleclick[1].txt\00000000.ie Cookie-Doubleclick (Potentially Unwanted Program)
10/29/2010 7:00:23 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@trafficmp[2].txt\00000000.ie Cookie-Trafficmp (Potentially Unwanted Program)
10/29/2010 7:00:24 PM Deleted RipMabolzi-PC\Rip Mabolzi C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@fastclick[1].txt\00000000.ie Cookie-Fastclick (Potentially Unwanted Program)

10/30/2010 6:52:29 PM Engine version = 5400.1158
10/30/2010 6:52:29 PM AntiVirus DAT version = 6151.0
10/30/2010 6:52:29 PM Number of detection signatures in EXTRA.DAT = None
10/30/2010 6:52:29 PM Names of detection signatures in EXTRA.DAT = None

10/31/2010 12:34:38 AM Statistics:
10/31/2010 12:34:38 AM Files scanned: 75151
10/31/2010 12:34:38 AM Files detected: 17
10/31/2010 12:34:38 AM Files cleaned: 0
10/31/2010 12:34:38 AM Files deleted: 14

10/31/2010 1:04:01 AM Engine version = 5400.1158
10/31/2010 1:04:01 AM AntiVirus DAT version = 6151.0
10/31/2010 1:04:01 AM Number of detection signatures in EXTRA.DAT = None
10/31/2010 1:04:01 AM Names of detection signatures in EXTRA.DAT = None

10/31/2010 1:10:07 AM Engine version = 5400.1158
10/31/2010 1:10:07 AM AntiVirus DAT version = 6152.0
10/31/2010 1:10:07 AM Number of detection signatures in EXTRA.DAT = None
10/31/2010 1:10:07 AM Names of detection signatures in EXTRA.DAT = None

10/31/2010 2:12:43 PM Engine version = 5400.1158
10/31/2010 2:12:43 PM AntiVirus DAT version = 6152.0
10/31/2010 2:12:43 PM Number of detection signatures in EXTRA.DAT = None
10/31/2010 2:12:43 PM Names of detection signatures in EXTRA.DAT = None

#33 gringo_pr

Posted 02 November 2010 - 02:00 AM

Hello

Is there a report that says what was removed?

10/31/2010 12:34:38 AM Statistics:
10/31/2010 12:34:38 AM Files scanned: 75151
10/31/2010 12:34:38 AM Files detected: 17
10/31/2010 12:34:38 AM Files cleaned: 0
10/31/2010 12:34:38 AM Files deleted: 14



Gringo

#34 dpogue

Posted 02 November 2010 - 07:52 PM

The only thing I can find on what was removed is contained in the report I posted. It looks like it was these files:

C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@ad.yieldmanager[2].txt\00000000.ie Cookie-Yieldmanager (Potentially Unwanted Program)

C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@ad.yieldmanager[2].txt\00000000.ie Cookie-Yieldmanager (Potentially Unwanted Program)

C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@ad.yieldmanager[2].txt\00000000.ie Cookie-Yieldmanager (Potentially Unwanted Program)

C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@trafficmp[2].txt\00000000.ie Cookie-Trafficmp (Potentially Unwanted Program)

C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@imrworldwide[2].txt\00000000.ie Cookie-Imrworldwide (Potentially Unwanted Program)

C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@trafficmp[2].txt\00000000.ie Cookie-Trafficmp (Potentially Unwanted Program)

C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@doubleclick[1].txt\00000000.ie Cookie-Doubleclick (Potentially Unwanted Program)

C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@trafficmp[2].txt\00000000.ie Cookie-Trafficmp (Potentially Unwanted Program)

C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Cookies\Low\rip_mabolzi@fastclick[1].txt\00000000.ie Cookie-Fastclick (Potentially Unwanted Program)


But that is only 9 of the 14 it says it deleted... I can't figure out what the other files are.

Does this sound like spyware or a virus or something else? It seems odd that the re-enabling by Defogger led to Vista having problems starting and to a system restore. Are there any other anti-spyware programs that I could try to run to see if they can find the culprit?
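An added example, not part of this thread, that does the reconciliation dpogue is attempting by hand: it parses McAfee VirusScan on-access log lines in the format posted above and compares the per-event counts with the Statistics block that follows them. It assumes the raw log is tab-delimited (the forum post collapsed the separators to spaces), and the sample lines are constructed to mirror the posted 10/28 to 10/31 entries.

```python
"""Reconcile McAfee VirusScan on-access log events against its Statistics blocks.

Constructed sample modelled on the 10/28 to 10/31 entries posted in the thread.
Fields are assumed tab-delimited in the raw log (the forum post collapsed them
to spaces): timestamp, action, user, process, object path, detection name.
"""
import re
from collections import Counter, namedtuple

Event = namedtuple("Event", "timestamp action user path detection")

# Constants copied from the posted log lines.
USER = "RipMabolzi-PC\\Rip Mabolzi"
PROC = "C:\\Program Files\\Internet Explorer\\iexplore.exe"
COOKIES = "C:\\Users\\Rip Mabolzi\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low"
ENCRYPTED = "Not scanned (The file is encrypted)"

def cookie(name):
    """Path of an IE low-integrity cookie file as it appears in the log."""
    return f"{COOKIES}\\rip_mabolzi@{name}.txt\\00000000.ie"

def event(ts, action, path, detection=None):
    """Build one tab-delimited log line; detections carry a sixth field."""
    fields = [ts, action, USER, PROC, path]
    if detection:
        fields.append(f"{detection} (Potentially Unwanted Program)")
    return "\t".join(fields)

# Constructed sample: the 9 Deleted and 3 Not scanned events the user counted,
# followed by the Statistics block that reports 14 deletions.
SAMPLE_LOG = "\n".join([
    "10/28/2010 5:58:15 PM\tEngine version = 5400.1158",
    event("10/28/2010 8:37:22 PM", "Deleted", cookie("ad.yieldmanager[2]"), "Cookie-Yieldmanager"),
    event("10/28/2010 8:37:22 PM", ENCRYPTED, cookie("ad.yieldmanager[2]")),
    event("10/28/2010 8:37:22 PM", "Deleted", cookie("ad.yieldmanager[2]"), "Cookie-Yieldmanager"),
    event("10/28/2010 8:37:22 PM", ENCRYPTED, cookie("ad.yieldmanager[2]")),
    event("10/28/2010 8:37:22 PM", "Deleted", cookie("ad.yieldmanager[2]"), "Cookie-Yieldmanager"),
    event("10/28/2010 8:37:22 PM", ENCRYPTED, cookie("ad.yieldmanager[2]")),
    event("10/29/2010 7:00:23 PM", "Deleted", cookie("trafficmp[2]"), "Cookie-Trafficmp"),
    event("10/29/2010 7:00:23 PM", "Deleted", cookie("imrworldwide[2]"), "Cookie-Imrworldwide"),
    event("10/29/2010 7:00:23 PM", "Deleted", cookie("trafficmp[2]"), "Cookie-Trafficmp"),
    event("10/29/2010 7:00:23 PM", "Deleted", cookie("doubleclick[1]"), "Cookie-Doubleclick"),
    event("10/29/2010 7:00:23 PM", "Deleted", cookie("trafficmp[2]"), "Cookie-Trafficmp"),
    event("10/29/2010 7:00:24 PM", "Deleted", cookie("fastclick[1]"), "Cookie-Fastclick"),
    "10/31/2010 12:34:38 AM\tStatistics:",
    "10/31/2010 12:34:38 AM\tFiles scanned: 75151",
    "10/31/2010 12:34:38 AM\tFiles detected: 17",
    "10/31/2010 12:34:38 AM\tFiles cleaned: 0",
    "10/31/2010 12:34:38 AM\tFiles deleted: 14",
    "10/31/2010 1:04:01 AM\tEngine version = 5400.1158",
])

TS_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")
STAT_RE = re.compile(r"^(Files (?:scanned|detected|cleaned|deleted)): (\d+)$")

def parse_log(text):
    """Split the log into segments, each closed by one Statistics block.

    Status lines (engine/DAT versions) are skipped; a trailing segment with no
    statistics is kept so that no detection is silently dropped.
    """
    segments, events, stats = [], [], None

    def flush():
        nonlocal events, stats
        segments.append({"events": events, "stats": stats or {}})
        events, stats = [], None

    for raw in text.splitlines():
        fields = raw.rstrip("\r").split("\t")
        if len(fields) < 2 or not TS_RE.match(fields[0]):
            continue  # not a line in the format we understand
        ts, kind = fields[0], fields[1]
        stat = STAT_RE.match(kind)
        if kind == "Statistics:":
            stats = {"timestamp": ts}
        elif stat and stats is not None:
            stats[stat.group(1)] = int(stat.group(2))
        else:
            if stats is not None:  # first non-statistics line closes the block
                flush()
            if len(fields) >= 5:  # a scan event rather than a status line
                detection = fields[5] if len(fields) > 5 else None
                events.append(Event(ts, kind, fields[2], fields[4], detection))
    if events or stats is not None:
        flush()
    return segments

def reconcile(segment):
    """Compare the events in a segment with the Statistics block that closed it."""
    deleted = [e for e in segment["events"] if e.action == "Deleted"]
    reported = segment["stats"].get("Files deleted")
    return {
        "actions": dict(Counter(e.action for e in segment["events"])),
        "deleted_events": len(deleted),
        "unique_deleted_paths": len({e.path for e in deleted}),
        "reported_deleted": reported,
        "unaccounted": None if reported is None else reported - len(deleted),
        "detections": sorted({e.detection for e in deleted if e.detection}),
    }
```

Running reconcile(parse_log(SAMPLE_LOG)[0]) shows 9 Deleted events against the reported 14, and that those 9 events cover only 5 distinct cookie files, since the same cookie is re-detected each time the browser rewrites it.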

#35 gringo_pr

Posted 03 November 2010 - 11:03 AM

Hello

Those were removed on the 29th. Well, how is the computer doing now?


Gringo

#36 dpogue

Posted 03 November 2010 - 03:20 PM

Oh, I have no idea if a log with what was deleted on the 31st exists, nor where it would be. The computer is confusing me. Up until last night around 11, I was still having the "server not found" problems and the message about the mass mailing worms being blocked... Suddenly though, I am not seeing either of those issues, and it has been 14 hours. I really am unsure as to whether the problem is actually gone or if it will return again, especially if I have to do any system restores while I clean up all the programs from my computer that we used to fight this thing. Do you have any idea what might have caused Windows to be unable to start when I re-enabled the CD emulators with Defogger? It happened right when Defogger restarted my computer to complete the changes. Does this mean that these drives are still disabled, and would it cause problems if I just leave them as is? I am also concerned that if I uninstall or use some of these other programs I might have the problem starting Windows and have to do a system restore and go back to the server problems. Where should I go from here?

#37 gringo_pr

Posted 03 November 2010 - 03:40 PM

Hello

It happened right when Defogger restarted my computer to complete the changes. Does this mean that these drives are still disabled and would it cause problems if I just leave them as is?
I don't think you have any on your computer. They are not part of Windows and are not needed; they are a special group of programs that are used to trick the computer into thinking it is running a program from a CD. It is mainly used by people who use pirated software.

So I would not worry about that too much.

If it has stopped, let's wait a few days and see how things go.

Gringo

#38 dpogue

Posted 03 November 2010 - 06:57 PM

It just happened again... These sneaky mass mailing worms are clogging my server. Grrr.

#39 gringo_pr

Posted 05 November 2010 - 12:42 AM

Hello dpogue


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the OTL.Txt into this topic and please attach the Extras.Txt.


Gringo

#40 dpogue

Posted 05 November 2010 - 04:17 AM

The link for "file scan.txt" leads to the geekstogo forum main page, not a specific file. How do I find that particular scan.txt file?

#41 gringo_pr

Posted 05 November 2010 - 04:20 AM

Here it is

Wait, here it is!!

#42 dpogue

Posted 05 November 2010 - 07:44 PM

Haha. OK, so here is OTL.txt, and Extras.txt is attached:

OTL logfile created on: 11/5/2010 5:27:19 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Rip Mabolzi\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 74.52 Gb Free Space | 34.15% Space Free | Partition Type: NTFS
Drive D: | 2.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 14.65 Gb Total Space | 1.60 Gb Free Space | 10.93% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive I: | 3.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RIPMABOLZI-PC | User Name: Rip Mabolzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Rip Mabolzi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\sminst\Components\scheduler\STService.exe ()
PRC - C:\Windows\sminst\SftService.exe (SoftThinks)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Rip Mabolzi\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Windows\System32\PortableDeviceApi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WMVCORE.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorAPI.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WMASF.DLL (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\System32\IconCodecService.dll (Microsoft Corporation)
MOD - C:\Windows\System32\drprov.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (SftService) -- C:\Windows\sminst\sftservice.EXE (SoftThinks)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (OA009Vid) -- C:\Windows\System32\drivers\OA009Vid.sys (Creative Technology Ltd.)
DRV - (OA009Ufd) -- C:\Windows\System32\drivers\OA009Ufd.sys (Creative Technology Ltd.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "|http://www.google.com"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: fr-classique@dictionaries.addons.mozilla.org:3.9.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 17:35:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/19 23:37:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 02:18:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 02:18:49 | 000,000,000 | ---D | M]

[2009/09/09 00:47:14 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\Mozilla\Extensions
[2010/11/05 02:02:24 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\Mozilla\Firefox\Profiles\hwkzx3ai.default\extensions
[2010/09/24 17:30:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rip Mabolzi\AppData\Roaming\Mozilla\Firefox\Profiles\hwkzx3ai.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/25 20:10:24 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Rip Mabolzi\AppData\Roaming\Mozilla\Firefox\Profiles\hwkzx3ai.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/10/07 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\Mozilla\Firefox\Profiles\hwkzx3ai.default\extensions\fr-classique@dictionaries.addons.mozilla.org
[2010/10/25 20:14:55 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\Mozilla\Firefox\Profiles\hwkzx3ai.default\extensions\optimizegoogle@optimizegoogle.com
[2010/06/09 00:11:27 | 000,002,059 | ---- | M] () -- C:\Users\Rip Mabolzi\AppData\Roaming\Mozilla\Firefox\Profiles\hwkzx3ai.default\searchplugins\daemon-search.xml
[2010/10/23 19:09:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 20:28:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/19 17:12:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/23 19:09:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/01/06 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/23 21:10:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\sminst\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/23 01:55:11 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/10/21 19:48:42 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/04/22 21:55:11 | 000,054,544 | R--- | M] (Electronic Arts) - I:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/10/21 15:48:42 | 000,000,045 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^Users^Rip Mabolzi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: McAfeeEngineService - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/05 02:07:25 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Rip Mabolzi\Desktop\OTL.exe
[2010/10/25 01:50:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/24 20:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/24 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/10/23 21:16:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/23 21:16:35 | 000,000,000 | ---D | C] -- C:\Users\Rip Mabolzi\AppData\Local\temp
[2010/10/23 21:10:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/23 20:57:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/23 19:28:56 | 000,000,000 | ---D | C] -- C:\Users\Rip Mabolzi\Desktop\FixFile
[2010/10/23 19:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/10/23 19:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/10/23 19:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/23 18:00:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/23 18:00:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/23 18:00:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/23 18:00:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/23 15:16:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/23 14:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/23 14:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/10/23 14:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/23 14:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/10/23 14:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/19 17:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/17 18:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/10/07 18:31:33 | 000,000,000 | ---D | C] -- C:\Users\Rip Mabolzi\Documents\Documents\UO Teach Test Confirmations

========== Files - Modified Within 30 Days ==========

[2010/11/05 17:32:19 | 000,767,488 | ---- | M] () -- C:\Windows\System32\drivers\jtibsji.sys
[2010/11/05 17:04:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/05 16:07:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 16:07:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 15:03:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/05 03:04:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 02:07:28 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Rip Mabolzi\Desktop\OTL.exe
[2010/11/03 17:32:52 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/03 17:32:52 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/01 21:08:38 | 000,009,002 | ---- | M] () -- C:\Users\Rip Mabolzi\We're not gunna make it.ods
[2010/11/01 18:17:19 | 000,050,176 | ---- | M] () -- C:\Users\Rip Mabolzi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 14:05:48 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/30 03:43:46 | 000,013,852 | ---- | M] () -- C:\Users\Rip Mabolzi\Desktop\Super Awesome Get Out of Credit Card Debt Plan of Attack.ods
[2010/10/23 21:10:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/23 15:04:46 | 003,884,040 | R--- | M] () -- C:\Users\Rip Mabolzi\Desktop\ComboFix.exe
[2010/10/23 14:27:58 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/23 14:22:11 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/19 17:07:50 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/14 03:32:15 | 000,310,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/14 03:06:45 | 000,000,185 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/10/12 23:15:03 | 477,526,779 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/12 11:31:04 | 000,029,112 | ---- | M] () -- C:\Users\Rip Mabolzi\AppData\Roaming\wklnhst.dat
[2010/10/12 11:31:04 | 000,025,088 | ---- | M] () -- C:\Users\Rip Mabolzi\Documents\Documents\Husserl - Meditation 1.wps
[2010/10/08 05:03:23 | 000,016,534 | ---- | M] () -- C:\Users\Rip Mabolzi\Desktop\lotus.odt
[2010/10/08 05:01:35 | 000,037,888 | ---- | M] () -- C:\Users\Rip Mabolzi\Documents\Documents\more inquiries.wps
[2010/10/08 04:38:18 | 000,045,056 | ---- | M] () -- C:\Users\Rip Mabolzi\Documents\Documents\Nietszche Paper.wps

========== Files Created - No Company Name ==========

[2010/11/01 21:08:36 | 000,009,002 | ---- | C] () -- C:\Users\Rip Mabolzi\We're not gunna make it.ods
[2010/10/23 19:14:07 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/10/23 18:00:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/23 18:00:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/23 18:00:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/23 18:00:10 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/23 18:00:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/23 15:04:25 | 003,884,040 | R--- | C] () -- C:\Users\Rip Mabolzi\Desktop\ComboFix.exe
[2010/10/23 14:27:58 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/23 14:22:11 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/10/19 17:07:50 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/11 23:41:18 | 000,025,088 | ---- | C] () -- C:\Users\Rip Mabolzi\Documents\Documents\Husserl - Meditation 1.wps
[2010/09/11 21:06:37 | 000,000,128 | ---- | C] () -- C:\Windows\Sierra.ini
[2010/08/12 03:04:48 | 000,000,185 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/07/20 12:34:47 | 000,000,120 | ---- | C] () -- C:\Users\Rip Mabolzi\AppData\Local\Vpayilita.dat
[2010/07/20 12:33:36 | 000,767,488 | ---- | C] () -- C:\Windows\System32\drivers\jtibsji.sys
[2010/03/25 13:47:22 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2010/03/08 22:34:19 | 000,000,101 | ---- | C] () -- C:\Windows\BUZZTWLC.INI
[2010/03/08 22:30:31 | 000,000,361 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2010/01/28 22:33:55 | 000,000,021 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/23 22:18:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 18:33:33 | 000,006,080 | ---- | C] () -- C:\Users\Rip Mabolzi\AppData\Local\d3d9caps.dat
[2009/09/14 03:15:48 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/07 10:42:51 | 000,029,112 | ---- | C] () -- C:\Users\Rip Mabolzi\AppData\Roaming\wklnhst.dat
[2009/09/07 10:08:27 | 000,050,176 | ---- | C] () -- C:\Users\Rip Mabolzi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/27 01:07:26 | 000,106,496 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/05/27 01:07:26 | 000,069,632 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/05/27 01:07:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/05/27 01:07:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/05/27 01:07:25 | 000,385,024 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/05/27 01:07:25 | 000,380,928 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/05/27 01:07:25 | 000,266,240 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/05/27 01:07:25 | 000,253,952 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/05/27 01:07:25 | 000,229,376 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/05/27 01:07:25 | 000,122,880 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/05/27 01:07:25 | 000,115,712 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/05/27 01:07:25 | 000,098,304 | ---- | C] () -- C:\Windows\System32\STFileMonitor.dll
[2009/05/27 01:07:25 | 000,094,208 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/05/27 01:07:25 | 000,077,824 | ---- | C] () -- C:\Windows\System32\STLangXml.dll
[2009/05/27 01:07:24 | 000,471,040 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/05/27 01:07:24 | 000,126,976 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/05/27 01:07:24 | 000,118,784 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/05/27 01:07:24 | 000,110,592 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/05/27 01:07:24 | 000,102,400 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/05/27 01:07:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/05/27 01:07:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/05/27 01:07:22 | 000,053,248 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/05/27 01:07:21 | 001,118,208 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/05/27 00:48:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/05/27 00:48:22 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/05/27 00:40:52 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/09/13 22:12:03 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\BitTorrent
[2010/04/19 11:14:06 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/09 23:59:12 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\DAEMON Tools Lite
[2010/10/12 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\Dropbox
[2010/01/10 15:21:41 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\EPSON
[2009/09/22 21:57:34 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\EuroTalk
[2010/06/15 19:49:42 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\Facebook
[2009/10/25 22:28:32 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\OpenOffice.org
[2009/09/07 10:42:53 | 000,000,000 | ---D | M] -- C:\Users\Rip Mabolzi\AppData\Roaming\Template
[2010/11/03 17:25:08 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/23 21:16:33 | 000,021,281 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/05/27 03:27:36 | 000,003,698 | RH-- | M] () -- C:\dell.sdr
[2010/11/03 17:25:53 | 3495,567,360 | -HS- | M] () -- C:\pagefile.sys
[2010/08/27 00:17:59 | 000,000,366 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/03/10 00:25:42 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/09/13 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD82.DLL
[2006/09/12 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD83.DLL
[2009/12/08 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPDA5.DLL
[2006/09/13 05:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP82.DLL
[2006/09/12 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP83.DLL
[2009/12/08 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPPA5.DLL
[2006/11/02 02:46:04 | 000,032,768 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\prtprocs\w32x86\EP0NPP01.DLL
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/12/04 20:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/03/11 16:07:35 | 000,000,286 | -HS- | M] () -- C:\Users\Rip Mabolzi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/10/23 15:04:46 | 003,884,040 | R--- | M] () -- C:\Users\Rip Mabolzi\Desktop\ComboFix.exe
[2010/07/27 00:57:18 | 013,525,424 | ---- | M] () -- C:\Users\Rip Mabolzi\Desktop\Dropbox 0.7.110(2).exe
[2010/08/10 17:34:03 | 140,467,400 | ---- | M] () -- C:\Users\Rip Mabolzi\Desktop\OOo_3.2.1_Win_x86_install_en-US.exe
[2010/11/05 02:07:28 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Rip Mabolzi\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/03/11 13:54:53 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2010/03/11 13:54:23 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2009/05/26 19:34:32 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/05/26 19:34:32 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2010/03/11 13:54:23 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/09/07 10:07:01 | 000,000,402 | -HS- | M] () -- C:\Users\Rip Mabolzi\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2006/09/18 14:31:55 | 000,107,620 | ---- | M] () -- C:\Windows\System32\acwizard.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2009/12/13 21:20:03 | 000,043,233 | ---- | M] () -- C:\Windows\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/11/05 17:33:44 | 003,670,016 | -HS- | M] () -- C:\Users\Rip Mabolzi\ntuser.dat

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2009/10/22 11:27:10 | 000,260,608 | ---- | M] (Canon Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNCAABk.EXE
[2009/10/22 11:27:08 | 000,634,368 | ---- | M] (Canon Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNCAPFk.EXE
[2006/09/12 23:22:24 | 000,015,448 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNMSE83.EXE
[2009/12/09 10:54:24 | 000,018,768 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNMSEA5.EXE
[2009/12/09 10:54:32 | 000,060,240 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNMVSA5.EXE

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.rpv /x >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2010/10/19 17:07:36 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/10/08 19:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/09/15 10:34:07 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2010/10/23 14:15:11 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/10/05 20:03:00 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/10/05 19:41:27 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2009/05/27 00:49:12 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2009/05/27 01:02:56 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/10/23 21:06:00 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/05/27 00:57:41 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2009/05/27 00:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Live! Cam
[2009/05/27 01:14:42 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010/06/25 00:38:10 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar
[2009/11/05 05:01:00 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2009/05/27 01:08:08 | 000,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Local Backup
[2009/05/27 00:48:02 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Inc
[2009/05/27 01:09:01 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2009/05/27 01:00:01 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Video Chat
[2009/05/27 00:57:30 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Webcam
[2009/05/27 03:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2010/06/12 00:03:22 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/01/09 23:45:51 | 000,000,000 | ---D | M] -- C:\Program Files\epson
[2010/10/24 20:30:43 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/09/22 21:57:27 | 000,000,000 | ---D | M] -- C:\Program Files\EuroTalk Interactive
[2010/07/11 22:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\Flash Movie Player
[2010/06/25 00:43:05 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/05/26 19:32:14 | 000,000,000 | ---D | M] -- C:\Program Files\IDT
[2010/09/11 21:01:18 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/05/27 00:52:17 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/03/11 13:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/10/23 14:26:36 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/10/23 14:27:55 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/10/23 19:08:53 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/11/28 00:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2010/08/27 00:21:26 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/08 22:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/10/31 14:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2009/05/27 01:11:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/05/27 00:56:35 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/05/27 01:14:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/05/27 01:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/05/27 01:13:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2009/05/27 00:56:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/12/13 21:20:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/06/26 03:01:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 12:42:35 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/29 02:18:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/08/10 18:02:15 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
[2010/10/23 14:22:21 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/07/19 23:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/05/27 01:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/03/08 22:30:46 | 000,000,000 | ---D | M] -- C:\Program Files\SimpleOCR
[2009/09/14 03:13:41 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/03/08 22:24:56 | 000,000,000 | ---D | M] -- C:\Program Files\SolarSys
[2010/10/24 15:50:07 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2006/11/02 06:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/09/13 14:51:33 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/03/11 13:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/03/11 13:47:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/03/11 13:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/03/11 13:47:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/05/27 01:14:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/05/27 01:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/09/15 03:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/10/17 21:16:21 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 05:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/03/11 13:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/03/13 15:49:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/03/11 13:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2009/12/11 22:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >
[2006/09/18 14:43:58 | 000,000,707 | ---- | M] () -- C:\Windows\_default.pif

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< %SYSTEMDRIVE%\driverwinx.exe\*.* >

< %systemroot%\BifroXx\*.* >

< %SYSTEMDRIVE%\TSTP\*.* >

< %systemroot%\winsn\*.* >

< %ProgramFiles%\windata\*.* >

< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >

< %systemroot%\system32\*.sao >

< %systemroot%\system32\*.iem >

< %systemroot%\system32\*.mdd >

< %systemroot%\system32\*.wlo >

< %systemroot%\system32\*.skn >

< %SYSTEMDRIVE%\Winup\*.* >

< %SYSTEMDRIVE%\test\*.* >

< %systemroot%\system32\med\*.* >

< %systemroot%\Bifrost\*.* >

< %systemroot%\system32\explorer.exe\*.* >

< %UserProfile%\UserData\*.dat /x >

< %SYSTEMDRIVE%\Arquivo de programas\*.* >

< %ProgramFiles%\tcpview\*.* >

< %systemroot%\system32\*.lyo >

< %ProgramFiles%\huanbang2\*.* >

< %systemroot%\winhuanbang\*.* >

< %systemroot%\minrsv.ini\*.* >

< %systemroot%\assembly\GAC\*.* >

< %AppData%\Adobe\crtmswin91\*.* >

< %ProgramFiles%\Windows NT\Accessories\*.exe >
[2010/06/28 07:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe

< %systemroot%\system32\*.pdo >

< %SYSTEMDRIVE%\APPDATASH\*.* >

< %SYSTEMDRIVE%\sy\*.* >

< %systemroot%\*.cot >

< %systemroot%\system32\*.html >

< %systemroot%\system32\win32.exe\*.* >

< %systemroot%\System32\9283\*.* >

< %systemroot%\System32\hardpol\*.* /s >

< %systemroot%\Fonts\*.dat >

< %ProgramFiles%\WinNTsystem operation\*.* >

< %SYSTEMDRIVE%\moneyxmexx.exe\*.* >

< %USERPROFILE%\Templates\*.exe >

< %SYSTEMDRIVE%\MSOCache\*.* >

< %systemroot%\inf\win\*.* >

< %SYSTEMDRIVE%\users\*.ini /x >

< %systemroot%\Media\*.exe >

< %systemroot%\Media\*.dll >

< %AppData%\AdobeUM\upldrvdrv2\*.* >

< %ProgramFiles%\wiselink\*.* >

< %systemroot%\*.wd >

< %systemroot%\boot\*.* >

< %systemroot%\ime\*.dll /x >

< %systemroot%\system32\GroupPolicy\User\Scripts\*.* /s >

< %systemroot%\system32\*.INS >

< %SYSTEMDRIVE%\Temporary\*.* >

< %AppData%\AdobeUM\vclvclupl66\*.* >

< %SYSTEMDRIVE%\KEY\*.* /s >

< %SYSTEMDRIVE%\INVRSO\*.* >

< %systemroot%\Config\Audit\*.* /s >

< %ProgramFiles%\facebook\*.* >

< %SystemRoot%\system32\___hptmp\*.* >

< %SystemRoot%\system32\Macromedia\*.* >

< %SystemRoot%\system32\Macrocmp\*.* >

< %systemroot%\ap0calypse_00CD1A40\*.* /s >

< %SYSTEMDRIVE%\bbotxxxxxx.exe\*.* >

< %systemroot%\cacher\*.* >

< %systemroot%\down\*.* >

< %systemroot%\up\*.* >

< %SYSTEMDRIVE%\bootstartx.exe\*.* >

< %systemroot%\system32\wbem\grpconv.exe >

< %SYSTEMDRIVE%\Zolander\*.* /s >

< %systemroot%\Media_\*.* >

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download >
"CheckExeSignatures" = no
"RunInvalidSignatures" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers|ProviderFileName6 /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-27 10:01:06

< End of report >

#43 gringo_pr
Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 November 2010 - 09:37 PM

Hello

OK, found something. I want you to redownload ComboFix for me and run this script.

  • Link 1

    Just save it to your desktop.

    Run this custom script for me.

    :Run CFScript:

    Open Notepad and copy/paste the text in the box into the window:

    File::
    C:\Windows\System32\drivers\jtibsji.sys
    C:\Users\Rip Mabolzi\AppData\Local\Vpayilita.dat

    Driver::
    jtibsji

    Save it to your desktop as CFScript.txt

    Referring to the picture above, drag CFScript.txt into ComboFix.exe
    This will let ComboFix run again.
    Restart if you have to.
    Save the produced logfile to your desktop.

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

    "information and logs"

    In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#44 dpogue
Topic Starter

  • Members
  • 24 posts

Posted 06 November 2010 - 06:58 PM

If you read that last post, please disregard... it turns out that ComboFix restarted my comp and I had a bunch of weird problems, from missing desktop stuff to search bars not working, but eventually I logged off and logged back on, and the problems were all resolved. Upon logging back on, ComboFix said please wait to open any programs (I hope I didn't mess anything up when I opened a bunch of programs before the log off/on fixed stuff). So far, no "server not found" error or mass-mailing worm notes from McAfee. The web seems to be moving more quickly and my computer seems to be running more smoothly... at least so far.

Here is the log from ComboFix; how are we looking now?

ComboFix 10-11-07.01 - Rip Mabolzi 11/06/2010 16:20:17.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1881 [GMT -7:00]
Running from: c:\users\Rip Mabolzi\Desktop\ComboFix.exe
Command switches used :: c:\users\Rip Mabolzi\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Rip Mabolzi\AppData\Local\Vpayilita.dat"
"c:\windows\System32\drivers\jtibsji.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Rip Mabolzi\AppData\Local\Vpayilita.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JTIBSJI
-------\Service_jtibsji


((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
.

2010-11-06 23:28 . 2010-11-07 00:44 -------- d-----w- c:\users\Rip Mabolzi\AppData\Local\temp
2010-11-06 23:28 . 2010-11-06 23:28 -------- d-----w- c:\users\Rip\AppData\Local\temp
2010-11-06 23:28 . 2010-11-06 23:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-05 08:54 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BAF3D71-C2D8-4CC3-B3FF-698A94CB268B}\mpengine.dll
2010-10-27 03:54 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-27 03:54 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-27 03:54 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-25 08:50 . 2010-10-25 08:50 -------- d-----w- c:\windows\Sun
2010-10-25 03:30 . 2010-10-25 03:30 -------- d-----w- c:\program files\ESET
2010-10-24 22:50 . 2010-10-24 22:50 388096 ----a-r- c:\users\Rip Mabolzi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-24 22:50 . 2010-10-24 22:50 -------- d-----w- c:\program files\Trend Micro
2010-10-24 02:14 . 2010-10-24 02:14 -------- d-----w- c:\programdata\McAfee Security Scan
2010-10-24 02:14 . 2010-10-31 21:05 -------- d-----w- c:\program files\McAfee Security Scan
2010-10-24 02:09 . 2010-10-24 02:09 -------- d-----w- c:\program files\Common Files\Java
2010-10-23 21:26 . 2010-10-23 21:26 -------- d-----w- c:\program files\iPod
2010-10-23 21:26 . 2010-10-23 21:27 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-23 21:26 . 2010-10-23 21:27 -------- d-----w- c:\program files\iTunes
2010-10-23 21:15 . 2010-10-23 21:15 -------- d-----w- c:\program files\Bonjour
2010-10-20 00:12 . 2010-09-15 11:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-20 00:12 . 2010-09-15 11:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-20 00:07 . 2010-10-20 00:07 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-18 01:38 . 2010-10-18 03:10 -------- d-----w- c:\programdata\Hitman Pro
2010-10-13 23:45 . 2010-09-08 17:07 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-13 23:45 . 2010-09-08 17:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-13 23:45 . 2010-09-08 15:23 389632 ----a-w- c:\windows\system32\html.iec
2010-10-13 23:44 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 23:44 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 23:43 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 23:43 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:43 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 23:43 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 23:43 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 23:43 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 23:43 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 23:43 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 23:42 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 23:42 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 23:42 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 23:42 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:42 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:42 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:42 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 23:29 . 2010-07-20 19:33 767488 ----a-w- c:\windows\system32\drivers\jtibsji.sys
2010-10-19 18:41 . 2010-09-15 19:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-26 16:33 . 2010-10-27 03:54 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 03:54 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-27 03:54 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 03:54 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-17 14:11 . 2010-09-14 20:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-01-07 03:07 . 2009-11-25 23:41 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Rip Mabolzi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Rip Mabolzi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Rip Mabolzi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-01-07 124240]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-09-23 136512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-20 202256]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\Components\scheduler\Launcher.exe" [2009-02-23 165104]

c:\users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-27 08:02 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Rip Mabolzi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Rip Mabolzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 06:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 11:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-11-02 01:30 2508104 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43 767312 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2009-09-29 00:56 140640 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 09:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2008-12-03 03:41 3882312 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 23:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-20 06:36 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-11 133104]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-04-01 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-11 09:19]

2010-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-11 09:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Rip Mabolzi\AppData\Roaming\Mozilla\Firefox\Profiles\hwkzx3ai.default\
FF - prefs.js: browser.startup.homepage - |hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\Rip Mabolzi\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-06 17:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000005904421FDFDC0BDB0B 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2432)
c:\users\Rip Mabolzi\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\windows\system32\mfevtps.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\sminst\sftservice.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SMINST\Components\scheduler\STService.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Completion time: 2010-11-06 17:47:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-07 00:47
ComboFix2.txt 2010-10-24 04:16
ComboFix3.txt 2010-10-24 01:12

Pre-Run: 79,331,098,624 bytes free
Post-Run: 79,087,095,808 bytes free

- - End Of File - - C09F7B677CDC20E3C946A92C967A99E2

Edited by dpogue, 06 November 2010 - 07:56 PM.


#45 gringo_pr
Posted 06 November 2010 - 09:50 PM

I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
c:\windows\system32\drivers\jtibsji.sys


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo




