Windows XP Master Boot Record Infected [Closed]



#1 ivan_t (New Member, 6 posts)

On the morning of April 1st, I was surfing various news and opinion websites with Internet Explorer. When I went to "slashdot", all of a sudden I started getting a massive number of "Write Fault Errors" cascading across my suddenly blank desktop:

Write Fault Error Filled Screen

Suspecting a Malware infection, I tried to access Windows XP's "task manager", but it would not open. I then noticed that all of my shortcuts under the "START" menu had disappeared. At this point I shut down my computer and then restarted in safe mode with the internet feed disconnected whereupon I discovered that my files appeared to still be intact, but with their file attributes having been changed to "hidden".

Some Google surfing on an uninfected computer turned up this thread, which described an infection with some very similar symptoms:

SMART - check infection help

I never noticed any application called "SMART - check" starting up before the error messages appeared, but the part about the file attributes being changed and the start menu shortcuts being moved to a tmp folder was spot on. Using suggestions from this thread I was able to unhide all my files, but it became clear that I wasn't yet out of the woods when I started getting clear-cut browser redirects to adware sites. I also experienced instances where Internet Explorer started opening by itself at random times. Here is an example of one of the random IE browser windows:

Spontaneous IE Browser Window

I followed the suggestion on the aforementioned help thread and installed and ran SuperAntiSpyware. SuperAntiSpyware found numerous adware cookies as well as a number of Malware infections:

SuperAntiSpyware Scan Summary

In fact, I ran SuperAntiSpyware several times, and each time the adware infections and the spontaneous IE browser startups seemed to come roaring back, leading me to believe that there was some underlying infection that was immune to the Spyware checker. The only thing that seemed to prevent re-infiltration of the adware infections was keeping my computer disconnected from the internet while I ran SuperAntiSpyware. After I ran SuperAntiSpyware, I also ran Malwarebytes and Norton AV just to be sure. At this point I was suspicious that I might have an MBR infection, so I ran MBRchecker.exe and got a positive hit for an infected MBR. This is as far as I felt comfortable going with my limited knowledge towards dealing with this sort of problem.
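For readers wondering what an "infected MBR" verdict actually rests on, here is an added example of a minimal MBR integrity check. It is example code written for this thread, not MBRchecker.exe's logic and not anything ivan_t posted. It parses a 512-byte sector into its three parts (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), hashes the boot code, and compares that hash against a known-good baseline; the baseline is assumed to have been recorded from the same disk while it was clean (or from a trusted installation), and the sample sector is constructed in the script rather than read from a real disk.

```python
"""Parse a 512-byte master boot record and compare it with a known-good baseline.

Added example for this thread; it is not MBRchecker.exe's logic and not code
posted by ivan_t. The sample sector below is constructed, not a real disk dump.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445: executable boot code (what a bootkit modifies)
PART_TABLE_OFF = 446     # four 16-byte partition entries follow the boot code
SIGNATURE_OFF = 510      # bytes 510..511 must be 0x55 0xAA
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, start LBA, sector count


def build_sample_mbr(boot_code_fill=0x90):
    """Constructed sample: NOP-filled boot code and one active NTFS partition."""
    boot_code = bytes([boot_code_fill]) * BOOT_CODE_LEN
    # Active (0x80) NTFS (0x07) partition starting at LBA 63, 500,000 sectors long.
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 500_000)
    return boot_code + entry + bytes(16) * 3 + b"\x55\xaa"


def parse_mbr(sector):
    """Split a raw sector into boot-code hash, partition entries and signature status."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes" % SECTOR_SIZE)
    partitions = []
    for index in range(4):
        off = PART_TABLE_OFF + 16 * index
        status, _chs0, ptype, _chs1, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": lba,
            "sectors": count,
        })
    return {
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector, known_good_boot_hash):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != known_good_boot_hash:
        findings.append("boot code differs from known-good baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["start_lba"] == 0:
            findings.append("partition %d starts at LBA 0 (overlaps the MBR itself)" % p["index"])
    return findings


def read_first_sector(device_path):
    """Read sector 0 from a block device or disk image (needs admin rights on a live disk)."""
    with open(device_path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = parse_mbr(clean)["boot_code_sha256"]  # assumed: recorded while the disk was clean
    print("clean sector findings:", check_mbr(clean, baseline))
    tampered = bytearray(clean)
    tampered[0] = 0xEB  # simulate modified boot code in the constructed sample
    print("tampered sector findings:", check_mbr(bytes(tampered), baseline))
```

The design point is that the partition table and the signature can look perfectly normal while the boot code has been replaced, so a hash over bytes 0..445 against a baseline taken when the machine was clean is the check that matters; sanity checks on the partition entries (exactly one active entry, no entry starting at LBA 0) catch cruder damage. On a live system the sector would come from `read_first_sector` pointed at the physical disk, which requires administrator rights and should be done from a boot that does not trust the suspect disk.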

#2 ivan_t (Topic Starter, New Member, 6 posts)

Here is the OTL report:

OTL logfile created on: 4/6/2012 11:22:26 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\ivan_t\Desktop\Antimalware Toolbox
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 88.48% Memory free
6.84 Gb Paging File | 6.67 Gb Available in Paging File | 97.46% Paging File free
Paging file location(s): C:\pagefile.sys 8192 16384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 291.99 Gb Total Space | 178.04 Gb Free Space | 60.97% Space Free | Partition Type: NTFS
Drive D: | 6.02 Gb Total Space | 5.98 Gb Free Space | 99.25% Space Free | Partition Type: FAT32
Drive G: | 114.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: XPS420 | User Name: ivan_t | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/06 23:19:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ivan_t\Desktop\Antimalware Toolbox\OTL.exe
PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/07/12 04:51:21 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/18 22:40:06 | 002,016,504 | ---- | M] (UltraVNC) [Auto | Stopped] -- C:\Program Files\UltraVNC\winvnc.exe -- (uvnc_service)
SRV - [2011/04/25 05:20:26 | 000,669,040 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/03/29 12:24:46 | 000,196,608 | ---- | M] (Simon Brown, HB9DRV) [Auto | Stopped] -- C:\Program Files\Amateur Radio\Ham Radio Deluxe\HRDRemoteSvr.exe -- (HRD RemoteSvr)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/07/12 04:51:21 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Stopped] -- C:\WINDOWS\system32\dldfcoms.exe -- (dldf_device)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/02/09 01:29:54 | 000,169,200 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/02/09 01:29:52 | 001,764,592 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/02/09 01:29:44 | 000,020,208 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/12/21 10:33:40 | 000,177,824 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/12/21 10:33:38 | 000,083,616 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/12/21 10:33:30 | 000,186,016 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Stopped] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/10/19 18:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/08/18 13:56:26 | 000,114,688 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gateway\EzTune\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2005/08/18 13:54:04 | 000,061,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gateway\EzTune\DTSRVC.exe -- (DTSRVC)
SRV - [2005/03/30 22:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 05:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ivan_t\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/02/04 02:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 02:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/12 00:01:37 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2011/08/04 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120404.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120404.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/25 04:58:58 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/05/03 20:32:16 | 000,049,904 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/01/19 10:11:22 | 000,003,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLPortIO.SYS -- (DLPortIO)
DRV - [2007/06/27 06:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/06/27 06:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/10/19 18:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/10/19 18:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/09/17 01:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/08/18 13:56:30 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2005/08/18 13:53:28 | 000,009,600 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2005/03/30 22:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/01/26 12:55:24 | 000,009,260 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2005/01/26 12:55:20 | 000,016,425 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pivot.sys -- (pivot)
DRV - [2004/08/04 05:54:32 | 000,269,387 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/08/28 22:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/07/24 19:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/07/16 07:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/05/01 14:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [1997/09/24 15:43:24 | 000,026,400 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\Driverx.sys -- (DriverX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {F9EDED6B-C5C7-4301-AD97-60AF7084DC24}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{F9EDED6B-C5C7-4301-AD97-60AF7084DC24}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.dellroy.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/18 16:24:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/03 22:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/17 03:01:47 | 000,000,000 | ---D | M]

[2009/02/18 23:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ivan_t\Application Data\Mozilla\Extensions
[2011/12/08 03:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ivan_t\Application Data\Mozilla\Firefox\Profiles\jtmmn1ty.default\extensions
[2010/04/28 20:13:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ivan_t\Application Data\Mozilla\Firefox\Profiles\jtmmn1ty.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/03 22:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/03 22:01:02 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/03 22:01:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/03 22:01:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/25 18:10:19 | 000,000,023 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: k1ttt.net # K1TTT
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Atari Launcher] C:\Program Files\Hasbro Interactive\Atari Arcade Hits\Atari icon.exe (Hasbro Interactive)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\WinPortrait\wpctrl.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EzTune.lnk = C:\Program Files\Gateway\EzTune\dthtml.exe (Portrait Displays, Inc)
O4 - Startup: C:\Documents and Settings\ivan_t\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\ivan_t\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\ivan_t\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: centershift.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0249ED44-B640-45BD-8066-17F81BFDC050} http://tv/STREAMPLAYER1.cab (VBrick StreamPlayer Components)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5459BAF4-09A9-422A-AB5C-5F114A7287B5} http://tv/VBPLAYER.cab (CVBUI Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} http://192.168.1.9/i...sysMLViewer.cab (LinksysMLViewer Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D2F7A5D7-651D-4044-A3C6-3F818B2052C5} http://192.168.1.9/a...sMLAlertCfg.cab (LinksysMLAlertCfg Control)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F50B3F13-19C4-11CF-AA9A-02608C9BABA2} http://tv/STREAMPLAYER2.cab (Moonlight-Elecard MPEG2 Video Decoder)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ivan_t\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/30 05:01:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/02/17 09:45:22 | 000,000,044 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/05 03:17:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/05 02:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/04/04 12:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Desktop\Antimalware Toolbox
[2012/04/01 14:41:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/04/01 11:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Application Data\SUPERAntiSpyware.com
[2012/04/01 11:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/01 11:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/01 11:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/01 07:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Recent
[2012/04/01 07:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Desktop\Start-Files
[2012/03/17 00:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\My Documents\Delta-Sigma 2012-03-16
[2012/03/16 23:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Application Data\Accellion
[2012/03/14 20:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\My Documents\My Shapes
[2012/03/12 16:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2012/03/12 16:35:08 | 000,406,896 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2012/03/12 16:35:08 | 000,361,840 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2012/03/12 16:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2012/03/12 16:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2012/03/12 16:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Application Data\Juniper Networks
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/06 23:16:52 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/06 23:14:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/06 23:13:38 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/05 23:34:30 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-261478967-839522115-1003.job
[2012/04/04 12:48:21 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/04 12:48:21 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Volume Control.lnk
[2012/04/04 12:48:21 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/04/04 12:48:21 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/04/04 12:48:21 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/04 12:48:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/04 12:48:21 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2012/04/04 12:48:21 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/04 12:48:21 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/04 12:48:21 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\N1MM logger.lnk
[2012/04/04 12:48:21 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2012/04/04 12:48:21 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\spectran.exe.lnk
[2012/04/04 12:48:20 | 000,001,929 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Snapfire Plus.lnk
[2012/04/04 12:48:20 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2012/04/04 12:48:20 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\DX Atlas.lnk
[2012/04/04 12:48:20 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\IrfanView.lnk
[2012/04/04 12:48:14 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/01 15:05:08 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/01 15:05:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/01 14:48:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/01 11:28:53 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/30 18:38:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-261478967-839522115-1003.job
[2012/03/28 14:04:40 | 000,012,892 | ---- | M] () -- C:\WINDOWS\Dxb2007.ini
[2012/03/28 13:45:27 | 000,003,026 | ---- | M] () -- C:\WINDOWS\ADIFMaster.INI
[2012/03/23 10:17:59 | 001,423,842 | ---- | M] () -- C:\Documents and Settings\ivan_t\Desktop\scan.pdf
[2012/03/19 16:03:48 | 000,140,498 | ---- | M] () -- C:\Documents and Settings\ivan_t\Desktop\email.pdf
[2012/03/17 00:07:52 | 073,651,909 | ---- | M] () -- C:\Documents and Settings\ivan_t\My Documents\Delta-Sigma Pictures 2012-03-16.zip
[2012/03/14 20:25:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/03/14 06:10:31 | 000,406,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 03:03:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/13 12:28:13 | 000,064,364 | ---- | M] () -- C:\Documents and Settings\ivan_t\Desktop\New Image.PNG
[2012/03/13 12:26:41 | 000,450,180 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full page photo print.pdf
[2012/03/13 12:24:30 | 000,255,806 | ---- | M] () -- C:\Documents and Settings\ivan_t\Desktop\New Image.TIF
[2012/03/12 16:06:12 | 000,484,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 16:06:12 | 000,080,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/04 12:48:21 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/04 12:48:21 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Volume Control.lnk
[2012/04/04 12:48:21 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/04/04 12:48:21 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/04/04 12:48:21 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/04 12:48:21 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/04 12:48:21 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2012/04/04 12:48:21 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/04 12:48:21 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/04 12:48:21 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\N1MM logger.lnk
[2012/04/04 12:48:21 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2012/04/04 12:48:21 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\spectran.exe.lnk
[2012/04/04 12:48:20 | 000,001,929 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Snapfire Plus.lnk
[2012/04/04 12:48:20 | 000,001,555 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2012/04/04 12:48:20 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\DX Atlas.lnk
[2012/04/04 12:48:20 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\IrfanView.lnk
[2012/04/04 12:48:14 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/04 12:08:31 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
[2012/04/04 12:08:31 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EzTune.lnk
[2012/04/04 12:08:31 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/04/04 12:08:31 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2012/04/04 12:08:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/04 12:08:30 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/04/04 12:08:30 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/01 15:05:08 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/01 15:05:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/01 14:48:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/01 11:28:53 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/23 10:17:58 | 001,423,842 | ---- | C] () -- C:\Documents and Settings\ivan_t\Desktop\scan.pdf
[2012/03/19 16:03:46 | 000,140,498 | ---- | C] () -- C:\Documents and Settings\ivan_t\Desktop\email.pdf
[2012/03/17 00:07:48 | 073,651,909 | ---- | C] () -- C:\Documents and Settings\ivan_t\My Documents\Delta-Sigma Pictures 2012-03-16.zip
[2012/03/14 20:25:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/03/13 12:28:13 | 000,064,364 | ---- | C] () -- C:\Documents and Settings\ivan_t\Desktop\New Image.PNG
[2012/03/13 12:26:41 | 000,450,180 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full page photo print.pdf
[2012/03/13 12:24:30 | 000,255,806 | ---- | C] () -- C:\Documents and Settings\ivan_t\Desktop\New Image.TIF
[2012/02/27 04:26:29 | 001,449,285 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-606747145-261478967-839522115-1003-0.dat
[2012/02/27 04:26:27 | 000,367,162 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/26 11:20:20 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/15 06:15:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/02 04:16:29 | 001,317,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/09 10:25:29 | 000,003,026 | ---- | C] () -- C:\WINDOWS\ADIFMaster.INI
[2010/05/09 05:45:56 | 000,012,892 | ---- | C] () -- C:\WINDOWS\Dxb2007.ini

========== LOP Check ==========

[2008/06/15 05:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\948 Series
[2012/03/12 16:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/04/29 22:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2012/03/27 09:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/20 01:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/04/03 02:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/05/24 21:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/09 01:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/23 14:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\948 Series
[2012/03/16 23:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\Accellion
[2008/04/05 13:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\DisplayTune
[2012/04/05 23:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\Dropbox
[2008/12/25 01:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\GetRightToGo
[2008/04/05 08:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\InterTrust
[2012/03/16 23:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\Juniper Networks
[2011/10/08 17:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\Simon Brown, HB9DRV
[2011/07/15 23:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\TrustedQSL
[2012/04/06 23:16:52 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C

< End of report >

Edited by ivan_t, 08 April 2012 - 07:44 PM.

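The file lists above are what a malware-removal helper scrolls through by hand looking for a handful of tells. As an added example that is not part of the original post or of OTL itself, the Python script below parses OTL's entry format (`[date | size | attrs | C/M] (company) -- path`, plus `@Alternate Data Stream` lines) and returns the leads a helper looks for in this kind of fake-AV case. The sample lines are copied from the log above; the incident date is set to 2012/04/01, the day the log shows the first cleanup tools (the Malwarebytes and SUPERAntiSpyware shortcuts) being installed; the flagging rules (hidden attribute, a temp or smtmp path component, activity within one day of the incident, and a post-incident exe/dll/sys/job/tmp with no company name) are this example's own heuristics, not something OTL computes.

```python
import re
from datetime import datetime, timedelta

# OTL entry format: [YYYY/MM/DD hh:mm:ss | size | attrs | C|M] (company) -- path
# The "(company)" group is absent on directory lines in the folder and
# LOP-check sections, so it is optional here.
_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
_ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Directory names this example treats as staging locations (the rogue in this
# thread moved Start Menu shortcuts into a temp folder).  Heuristic, not OTL's.
_STAGING_DIRS = {"temp", "tmp", "smtmp"}
# Extensions that carry or launch code; a fresh one with no company name after
# the incident deserves a hash lookup.  Also this example's own choice.
_CODE_EXTS = {"exe", "dll", "sys", "scr", "com", "pif", "bat", "job", "tmp"}


def parse_otl_line(line):
    """Parse one OTL log line; return a dict, or None for headers and other text."""
    line = line.rstrip("\r\n")
    m = _ENTRY.match(line)
    if m:
        company = (m["company"] or "").strip()
        return {
            "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "hidden": "H" in m["attrs"],
            "is_dir": "D" in m["attrs"],
            "kind": m["kind"],            # C = created, M = modified
            "company": company or None,
            "path": m["path"],
            "ads": False,
        }
    m = _ADS.match(line)
    if m:
        return {"ts": None, "size": int(m["size"]), "hidden": False, "is_dir": False,
                "kind": "", "company": None, "path": m["path"], "ads": True}
    return None


def _components(path):
    # r"C:\Dir\TEMP:D282699C" -> ["c", "dir", "temp"]; the stream name after ':' is dropped.
    return [c.split(":")[0].lower() for c in path.split("\\")]


def _ext(path):
    name = path.rsplit("\\", 1)[-1].split(":")[0]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def triage(lines, incident, window=timedelta(days=1)):
    """Map each suspicious path to the list of reasons it was flagged."""
    findings = {}

    def flag(path, reason):
        findings.setdefault(path, []).append(reason)

    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        if e["ads"]:
            flag(e["path"], "alternate data stream")
        if e["hidden"]:
            flag(e["path"], "hidden attribute set")
        if any(c in _STAGING_DIRS for c in _components(e["path"])):
            flag(e["path"], "temp/staging location")
        if e["ts"] is not None:
            if incident <= e["ts"] < incident + window:
                flag(e["path"], "touched inside the incident window")
            if e["ts"] >= incident and e["company"] is None and _ext(e["path"]) in _CODE_EXTS:
                flag(e["path"], "post-incident code file with no company name")
    return findings


# Sample lines copied from the OTL log in this thread; a section header is
# included to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
[2012/04/06 23:16:52 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/01 07:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Desktop\Start-Files
[2012/04/04 12:08:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/12 16:35:08 | 000,406,896 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2012/03/27 09:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
========== Purity Check ==========
""".strip().splitlines()

# Day the log shows the first cleanup tools being installed.
INCIDENT = datetime(2012, 4, 1)

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG, INCIDENT).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Everything it returns is a lead, not a verdict: `MP Scheduled Scan.job`, for instance, is Windows Defender's scheduled scan task, and the stream on the `TEMP` folder means nothing until its 188 bytes have been looked at. The value of the script is that it turns a 400-line listing into a short list of paths to hash and look up.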
#3 ivan_t (New Member, Topic Starter, 6 posts)

Here are the results of the MBR check:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 139):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 sbp2port.sys
0xBA0F8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA108000 disk.sys
0xBA118000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltmgr.sys
0xB9ED9000 sr.sys
0xBA128000 PxHelp20.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xB9DEE000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB96FF000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB96EB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA1F8000 \SystemRoot\system32\drivers\pivot.sys
0xB96AA000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9686000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3B8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB965E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA208000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA218000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA228000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB963B000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3D0000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA705000 \SystemRoot\system32\DRIVERS\mv2.sys
0xB9620000 \SystemRoot\system32\DRIVERS\dne2000.sys
0xBA238000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys
0xBA706000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA248000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA590000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9609000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA258000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA268000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB95F8000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA278000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA400000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA410000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA5A4000 \SystemRoot\System32\Drivers\PdiPorts.sys
0xB9528000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA288000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA420000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA428000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5BA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB94A2000 \SystemRoot\system32\DRIVERS\update.sys
0xB9DBA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA298000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5BE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA2A8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB624A000 \SystemRoot\system32\drivers\sthda.sys
0xB6226000 \SystemRoot\system32\drivers\portcls.sys
0xBA2C8000 \SystemRoot\system32\drivers\drmk.sys
0xB61CE000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
0xB61AC000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
0xB6198000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\ser2pl.sys
0xB9518000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9510000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA498000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA5CE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA78A000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5D0000 \SystemRoot\System32\Drivers\Beep.SYS
0xB9508000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA370000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA380000 \SystemRoot\System32\drivers\vga.sys
0xBA5DE000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA388000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA390000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB948A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB5FA9000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB5F50000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB5F15000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xB5EEF000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA158000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB5EC7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA168000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB5EA5000 \SystemRoot\System32\drivers\afd.sys
0xBA178000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB5E83000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA3E0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB5E58000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB5DE8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA188000 \SystemRoot\System32\Drivers\Fips.SYS
0xB5CEA000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB5CCC000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB5C80000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA1A8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB5C68000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5EE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6178000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA438000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA757000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF025000 \SystemRoot\System32\nv4_disp.dll
0xBF012000 \SystemRoot\System32\wpfb_nv4_disp.dll
0xB5910000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBF554000 \SystemRoot\System32\ATMFD.DLL
0xB4CA2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB4B37000 \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
0xBA4A0000 \??\C:\WINDOWS\system32\DRIVERS\DLPortIO.SYS
0xBA378000 \SystemRoot\System32\Drivers\DriverX.SYS
0xB4774000 \SystemRoot\system32\DRIVERS\srv.sys
0xB4254000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120404.004\navex15.sys
0xB4240000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120404.004\naveng.sys
0xB409B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB48D4000 \SystemRoot\system32\drivers\sysaudio.sys
0xB357B000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xB3211000 \SystemRoot\System32\Drivers\HTTP.sys
0xB415C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB3FA4000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB24BF000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 67):
0 System Idle Process
4 System
1132 C:\WINDOWS\system32\smss.exe
1212 csrss.exe
1240 C:\WINDOWS\system32\winlogon.exe
1284 C:\WINDOWS\system32\services.exe
1296 C:\WINDOWS\system32\lsass.exe
1472 C:\WINDOWS\system32\svchost.exe
1572 svchost.exe
1792 C:\Program Files\Windows Defender\MsMpEng.exe
1852 C:\WINDOWS\system32\svchost.exe
2004 svchost.exe
300 svchost.exe
1116 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1200 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
1660 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1752 C:\WINDOWS\system32\spoolsv.exe
1944 svchost.exe
1976 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1988 C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
2032 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
152 C:\Program Files\Gateway\EzTune\dtsslsrv.exe
208 C:\Program Files\Bonjour\mDNSResponder.exe
544 C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
560 C:\Program Files\Symantec AntiVirus\DefWatch.exe
608 C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfserv.exe
640 C:\WINDOWS\system32\dldfcoms.exe
376 C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
444 C:\Program Files\Gateway\EzTune\DTSRVC.exe
476 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
684 C:\Program Files\Amateur Radio\Ham Radio Deluxe\HRDRemoteSvr.exe
708 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
848 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
976 C:\Program Files\Java\jre6\bin\jqs.exe
1168 C:\WINDOWS\system32\nvsvc32.exe
1916 C:\WINDOWS\system32\PSIService.exe
788 C:\WINDOWS\system32\svchost.exe
2104 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
2276 C:\Program Files\UltraVNC\winvnc.exe
3248 alg.exe
2356 C:\WINDOWS\explorer.exe
3496 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3684 C:\PROGRA~1\SYMANT~1\VPTray.exe
3776 C:\Program Files\WinPortrait\wpctrl.exe
3552 C:\WINDOWS\stsystra.exe
2184 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3788 C:\Program Files\Dell AIO Printer 948\dldfmon.exe
3896 C:\Program Files\Dell AIO Printer 948\memcard.exe
4000 C:\Program Files\Hasbro Interactive\Atari Arcade Hits\Atari icon.exe
4008 C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
3380 C:\Program Files\WinPortrait\floater.exe
4072 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1888 C:\Program Files\Real\Update\realsched.exe
3016 C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
3292 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3480 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2912 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
3812 C:\WINDOWS\system32\ctfmon.exe
1800 C:\WINDOWS\system32\svchost.exe
2848 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3948 C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
1460 C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
296 C:\Program Files\Gateway\EzTune\dthtml.exe
3784 C:\Documents and Settings\ivan_t\Application Data\Dropbox\bin\Dropbox.exe
3672 C:\Program Files\palmOne\HOTSYNC.EXE
3308 C:\Program Files\UltraVNC\winvnc.exe
5584 C:\Documents and Settings\ivan_t\Desktop\Antimalware Toolbox\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000049`02dc5600 (FAT32)

PhysicalDrive0 Model Number: ST3320620AS, Rev: 3.ADG

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 7ACA4C7D4A41E8E42EF9F93CBF289D58E3306568


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

#4 blmadara (Trusted Helper, Malware Removal, 767 posts)

Hi ivan_t, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.



Step One: Run OTL Custom Scan

Since it's been a few days since you posted, I'd like to get some updated logs. I noticed that you ran the OTL scan in safe mode the first time. It would be best if you could run it in normal mode, so try that first.
If you can't run it in normal mode, run it again in safe mode.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    volsnap.sys
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Select LOP Check and Purity Check.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered until it is done.
  • Post the log it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select, No.
  • Click Scan to start the scan.
    Posted Image
  • When the scan ends click Save Log and save it to your desktop.
    Posted Image
  • Post the log in your next reply.


What I need in your next post:
1. The reports from the OTL scan, OTL.txt and Extras.txt.
2. The log produced by aswMBR.exe.

#5 ivan_t (New Member, Topic Starter, 6 posts)

Hi blmadara,

I just saw your reply. Thank you for helping me out on this. I am away from the infected computer right now. I'll take a closer look at your instructions when I get home this evening and then reply again with any results or questions.

Again, thanks!

ivan_t

#6 ivan_t (New Member, Topic Starter, 6 posts)

Here are the logfiles from when I ran OTL today in normal mode (includes the "Extra" logfile). I tried running aswMBR.exe, but nothing happened when I double-clicked it (I tried a number of times with no positive results).


OTL logfile created on: 4/14/2012 8:11:36 AM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\ivan_t\Desktop\Antimalware Toolbox
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.34% Memory free
10.83 Gb Paging File | 10.16 Gb Available in Paging File | 93.83% Paging File free
Paging file location(s): C:\pagefile.sys 8192 16384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 291.99 Gb Total Space | 170.89 Gb Free Space | 58.52% Space Free | Partition Type: NTFS
Drive D: | 6.02 Gb Total Space | 5.98 Gb Free Space | 99.24% Space Free | Partition Type: FAT32
Drive G: | 114.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: XPS420 | User Name: ivan_t | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/04/06 23:19:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ivan_t\Desktop\Antimalware Toolbox\OTL.exe
PRC - [2012/02/14 16:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\ivan_t\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/12/18 16:23:40 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\Update\realsched.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/18 22:40:06 | 002,016,504 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2011/04/25 05:20:26 | 000,669,040 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/03/29 12:24:46 | 000,196,608 | ---- | M] (Simon Brown, HB9DRV) -- C:\Program Files\Amateur Radio\Ham Radio Deluxe\HRDRemoteSvr.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/07/12 04:51:21 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/18 11:45:44 | 000,455,336 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
PRC - [2007/09/18 11:45:39 | 000,410,280 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
PRC - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfserv.exe
PRC - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) -- C:\WINDOWS\system32\dldfcoms.exe
PRC - [2007/03/21 01:33:14 | 000,478,800 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/03/20 16:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/02/09 01:30:00 | 000,085,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/02/09 01:29:52 | 001,764,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/02/09 01:29:44 | 000,020,208 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2005/12/21 10:33:40 | 000,177,824 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/12/21 10:33:30 | 000,186,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/12/21 10:33:28 | 000,048,800 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/12/12 15:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2005/08/18 13:56:26 | 000,114,688 | ---- | M] () -- C:\Program Files\Gateway\EzTune\dtsslsrv.exe
PRC - [2005/08/18 13:55:12 | 000,260,608 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Gateway\EzTune\dthtml.exe
PRC - [2005/08/18 13:54:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Gateway\EzTune\DTSRVC.exe
PRC - [2005/01/26 12:57:18 | 000,755,448 | ---- | M] () -- C:\Program Files\WinPortrait\floater.exe
PRC - [2005/01/26 12:57:16 | 000,698,104 | ---- | M] () -- C:\Program Files\WinPortrait\wpctrl.exe
PRC - [2004/08/04 05:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2001/10/11 17:35:02 | 000,082,026 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
PRC - [1999/06/25 13:41:02 | 000,049,664 | ---- | M] (Hasbro Interactive) -- C:\Program Files\Hasbro Interactive\Atari Arcade Hits\Atari icon.exe


========== Modules (No Company Name) ==========

MOD - [2011/05/18 22:40:20 | 000,412,920 | ---- | M] () -- C:\Program Files\UltraVNC\SecureVNCPlugin.dsm
MOD - [2011/02/26 17:58:01 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2010/03/20 10:31:34 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.DLL
MOD - [2010/03/20 10:31:34 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/03/28 06:24:43 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2009/03/28 06:18:37 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.DLL
MOD - [2007/09/18 11:45:44 | 000,455,336 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
MOD - [2007/09/18 11:45:39 | 000,410,280 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
MOD - [2007/09/17 07:19:48 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\DLDFPMON.DLL
MOD - [2007/09/17 07:18:00 | 000,032,768 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\ipcmt.dll
MOD - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfserv.exe
MOD - [2007/05/22 07:17:11 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\dldfcaps.dll
MOD - [2007/05/08 11:48:22 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\dldfdrs.dll
MOD - [2007/05/08 11:44:28 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfscw.dll
MOD - [2007/05/03 23:23:33 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\dldfoem.dll
MOD - [2007/05/03 08:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfdatr.dll
MOD - [2007/05/03 03:38:36 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dldfdrpp.dll
MOD - [2007/04/16 06:47:47 | 000,077,906 | ---- | M] () -- C:\WINDOWS\system32\dldfcfg.dll
MOD - [2007/04/16 06:47:47 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcfg.dll
MOD - [2007/04/09 06:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\DLDFptp.dll
MOD - [2007/03/12 15:17:07 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\dldfcnv4.dll
MOD - [2006/12/28 08:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcats.dll
MOD - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2005/08/18 13:56:26 | 000,114,688 | ---- | M] () -- C:\Program Files\Gateway\EzTune\dtsslsrv.exe
MOD - [2005/08/18 13:54:12 | 000,147,456 | ---- | M] () -- C:\Program Files\Gateway\EzTune\DThook.dll
MOD - [2005/08/18 13:54:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Gateway\EzTune\gui.dll
MOD - [2005/08/18 13:54:04 | 000,061,440 | ---- | M] () -- C:\Program Files\Gateway\EzTune\DTSRVC.exe
MOD - [2005/08/18 13:53:54 | 000,102,400 | ---- | M] () -- C:\Program Files\Gateway\EzTune\PresetsCOM.dll
MOD - [2005/08/18 13:53:18 | 000,197,120 | ---- | M] () -- C:\Program Files\Gateway\EzTune\di2c.dll
MOD - [2005/08/18 13:53:08 | 000,263,680 | ---- | M] () -- C:\Program Files\Gateway\EzTune\wrapi2c.dll
MOD - [2005/01/26 12:57:18 | 000,755,448 | ---- | M] () -- C:\Program Files\WinPortrait\floater.exe
MOD - [2005/01/26 12:57:16 | 000,698,104 | ---- | M] () -- C:\Program Files\WinPortrait\wpctrl.exe
MOD - [2005/01/26 12:56:18 | 000,237,568 | ---- | M] () -- C:\Program Files\WinPortrait\winphook.dll
MOD - [2004/11/17 16:49:06 | 004,603,904 | ---- | M] () -- C:\Program Files\Gateway\EzTune\qt-mt332.dll
MOD - [2004/05/11 15:51:56 | 000,798,720 | ---- | M] () -- C:\Program Files\Gateway\EzTune\libeay32.dll
MOD - [2004/05/11 15:51:56 | 000,155,648 | ---- | M] () -- C:\Program Files\Gateway\EzTune\ssleay32.dll
MOD - [2001/10/11 17:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/11 16:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/18 22:40:06 | 002,016,504 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (uvnc_service)
SRV - [2011/04/25 05:20:26 | 000,669,040 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/03/29 12:24:46 | 000,196,608 | ---- | M] (Simon Brown, HB9DRV) [Auto | Running] -- C:\Program Files\Amateur Radio\Ham Radio Deluxe\HRDRemoteSvr.exe -- (HRD RemoteSvr)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/07/12 04:51:21 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dldfcoms.exe -- (dldf_device)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/02/09 01:29:54 | 000,169,200 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/02/09 01:29:52 | 001,764,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/02/09 01:29:44 | 000,020,208 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/12/21 10:33:40 | 000,177,824 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/12/21 10:33:38 | 000,083,616 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/12/21 10:33:30 | 000,186,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2005/10/19 18:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/08/18 13:56:26 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Gateway\EzTune\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2005/08/18 13:54:04 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Gateway\EzTune\DTSRVC.exe -- (DTSRVC)
SRV - [2005/03/30 22:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Premier\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 05:56:32 | 001,445,912 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ivan_t\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/02/04 02:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/04 02:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/12 00:01:37 | 000,011,496 | ---- | M] (UVNC BVBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mv2.sys -- (mv2)
DRV - [2011/08/04 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120404.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/04 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120404.004\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/25 04:58:58 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/05/03 20:32:16 | 000,049,904 | ---- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/01/19 10:11:22 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DLPortIO.SYS -- (DLPortIO)
DRV - [2007/06/27 06:05:52 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/06/27 06:04:14 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/10/19 18:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2005/10/19 18:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/09/17 01:20:06 | 000,108,168 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/08/18 13:56:30 | 000,011,776 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pdiddcci.sys -- (pdiddcci)
DRV - [2005/08/18 13:53:28 | 000,009,600 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2005/03/30 22:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/01/26 12:55:24 | 000,009,260 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2005/01/26 12:55:20 | 000,016,425 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (pivot)
DRV - [2004/08/04 05:54:32 | 000,269,387 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2003/08/28 22:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/07/24 19:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2003/07/16 07:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/05/01 14:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [1997/09/24 15:43:24 | 000,026,400 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Driverx.sys -- (DriverX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-606747145-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-606747145-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-606747145-261478967-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-606747145-261478967-839522115-1003\..\SearchScopes,DefaultScope = {F9EDED6B-C5C7-4301-AD97-60AF7084DC24}
IE - HKU\S-1-5-21-606747145-261478967-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-606747145-261478967-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-606747145-261478967-839522115-1003\..\SearchScopes\{F9EDED6B-C5C7-4301-AD97-60AF7084DC24}: "URL" = http://www.google.co...f8&oe=utf8&rlz=
IE - HKU\S-1-5-21-606747145-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-261478967-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/18 16:24:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/03 22:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/17 03:01:47 | 000,000,000 | ---D | M]

[2009/02/18 23:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ivan_t\Application Data\Mozilla\Extensions
[2011/12/08 03:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ivan_t\Application Data\Mozilla\Firefox\Profiles\jtmmn1ty.default\extensions
[2010/04/28 20:13:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ivan_t\Application Data\Mozilla\Firefox\Profiles\jtmmn1ty.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/03 22:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/03 22:01:02 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/03 22:01:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/03 22:01:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/25 18:10:19 | 000,000,023 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: k1ttt.net # K1TTT
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Atari Launcher] C:\Program Files\Hasbro Interactive\Atari Arcade Hits\Atari icon.exe (Hasbro Interactive)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\WinPortrait\wpctrl.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-606747145-261478967-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-606747145-261478967-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-606747145-261478967-839522115-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EzTune.lnk = C:\Program Files\Gateway\EzTune\dthtml.exe (Portrait Displays, Inc)
O4 - Startup: C:\Documents and Settings\ivan_t\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\ivan_t\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\ivan_t\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (Palm, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-261478967-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606747145-261478967-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-606747145-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-606747145-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-606747145-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-606747145-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-21-606747145-261478967-839522115-1003\..Trusted Domains: centershift.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-606747145-261478967-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-606747145-261478967-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0249ED44-B640-45BD-8066-17F81BFDC050} http://tv/STREAMPLAYER1.cab (VBrick StreamPlayer Components)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5459BAF4-09A9-422A-AB5C-5F114A7287B5} http://tv/VBPLAYER.cab (CVBUI Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8D59819B-2067-4A6B-84F4-7F84570E3C30} http://192.168.1.9/i...sysMLViewer.cab (LinksysMLViewer Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D2F7A5D7-651D-4044-A3C6-3F818B2052C5} http://192.168.1.9/a...sMLAlertCfg.cab (LinksysMLAlertCfg Control)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://intranet.jpl...SetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {F50B3F13-19C4-11CF-AA9A-02608C9BABA2} http://tv/STREAMPLAYER2.cab (Moonlight-Elecard MPEG2 Video Decoder)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ivan_t\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/30 05:01:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/02/17 09:45:22 | 000,000,044 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

[2012/04/14 08:02:55 | 000,000,000 | ---D | C] -- C:\0d5a2db966b07e7c920ed4786edc
[2012/04/14 08:02:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/04/05 03:17:26 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/05 02:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2012/04/04 12:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Desktop\Antimalware Toolbox
[2012/04/01 14:41:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/04/01 11:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Application Data\SUPERAntiSpyware.com
[2012/04/01 11:28:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/01 11:28:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/01 11:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/01 07:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Recent
[2012/04/01 07:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Desktop\Start-Files
[2012/03/17 00:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\My Documents\Delta-Sigma 2012-03-16
[2012/03/16 23:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Application Data\Accellion
[2012/03/14 20:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\My Documents\My Shapes
[2012/03/12 16:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Juniper Networks
[2012/03/12 16:35:08 | 000,406,896 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcSmartCardProv.dll
[2012/03/12 16:35:08 | 000,361,840 | ---- | C] (Juniper Networks) -- C:\WINDOWS\System32\dsNcCredProv.dll
[2012/03/12 16:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Juniper Networks
[2012/03/12 16:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2012/03/12 16:34:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Application Data\Juniper Networks
[2012/02/26 11:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2011
[2012/02/17 16:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivan_t\Start Menu\Programs\Palm Desktop
[2012/02/17 16:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\palmOne
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/04/14 08:03:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/04/14 07:46:53 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-606747145-261478967-839522115-1003.job
[2012/04/14 07:46:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/14 07:42:42 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/14 07:42:38 | 3219,042,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/04 12:48:21 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/04 12:48:21 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Volume Control.lnk
[2012/04/04 12:48:21 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/04/04 12:48:21 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/04/04 12:48:21 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/04 12:48:21 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/04 12:48:21 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2012/04/04 12:48:21 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/04 12:48:21 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/04 12:48:21 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\N1MM logger.lnk
[2012/04/04 12:48:21 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2012/04/04 12:48:21 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\spectran.exe.lnk
[2012/04/04 12:48:20 | 000,001,929 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Snapfire Plus.lnk
[2012/04/04 12:48:20 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2012/04/04 12:48:20 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\DX Atlas.lnk
[2012/04/04 12:48:20 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\IrfanView.lnk
[2012/04/04 12:48:14 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/01 15:05:08 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/01 15:05:08 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/01 14:48:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/01 11:28:53 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/30 18:38:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-606747145-261478967-839522115-1003.job
[2012/03/28 14:04:40 | 000,012,892 | ---- | M] () -- C:\WINDOWS\Dxb2007.ini
[2012/03/28 13:45:27 | 000,003,026 | ---- | M] () -- C:\WINDOWS\ADIFMaster.INI
[2012/03/23 10:17:59 | 001,423,842 | ---- | M] () -- C:\Documents and Settings\ivan_t\Desktop\scan.pdf
[2012/03/19 16:03:48 | 000,140,498 | ---- | M] () -- C:\Documents and Settings\ivan_t\Desktop\email.pdf
[2012/03/17 00:07:52 | 073,651,909 | ---- | M] () -- C:\Documents and Settings\ivan_t\My Documents\Delta-Sigma Pictures 2012-03-16.zip
[2012/03/14 20:25:18 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2012/03/14 06:10:31 | 000,406,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 03:03:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/13 12:28:13 | 000,064,364 | ---- | M] () -- C:\Documents and Settings\ivan_t\Desktop\New Image.PNG
[2012/03/13 12:26:41 | 000,450,180 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Full page photo print.pdf
[2012/03/13 12:24:30 | 000,255,806 | ---- | M] () -- C:\Documents and Settings\ivan_t\Desktop\New Image.TIF
[2012/03/12 16:06:12 | 000,484,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 16:06:12 | 000,080,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/26 15:54:08 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\ivan_t\Start Menu\Programs\Startup\Dropbox.lnk
[2012/02/26 15:54:08 | 000,001,003 | ---- | M] () -- C:\Documents and Settings\ivan_t\Desktop\Dropbox.lnk
[2012/02/26 11:23:24 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/26 11:20:16 | 000,001,882 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
[2012/02/23 10:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/02/17 16:27:46 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\ivan_t\Start Menu\Programs\Startup\HotSync Manager.lnk
[2012/02/17 16:27:38 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\ivan_t\Desktop\Palm Desktop.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/07 14:57:53 | 3219,042,304 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/04 12:48:21 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2012/04/04 12:48:21 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Volume Control.lnk
[2012/04/04 12:48:21 | 000,001,519 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2012/04/04 12:48:21 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/04/04 12:48:21 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/04 12:48:21 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/04/04 12:48:21 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2012/04/04 12:48:21 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/04 12:48:21 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/04 12:48:21 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\N1MM logger.lnk
[2012/04/04 12:48:21 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2012/04/04 12:48:21 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\spectran.exe.lnk
[2012/04/04 12:48:20 | 000,001,929 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Snapfire Plus.lnk
[2012/04/04 12:48:20 | 000,001,555 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2012/04/04 12:48:20 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\DX Atlas.lnk
[2012/04/04 12:48:20 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\IrfanView.lnk
[2012/04/04 12:48:14 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/04/04 12:08:31 | 000,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
[2012/04/04 12:08:31 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EzTune.lnk
[2012/04/04 12:08:31 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2012/04/04 12:08:31 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2012/04/04 12:08:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/04 12:08:30 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/04/04 12:08:30 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/01 15:05:08 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\ivan_t\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/04/01 15:05:08 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/01 14:48:50 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/01 11:28:53 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/23 10:17:58 | 001,423,842 | ---- | C] () -- C:\Documents and Settings\ivan_t\Desktop\scan.pdf
[2012/03/19 16:03:46 | 000,140,498 | ---- | C] () -- C:\Documents and Settings\ivan_t\Desktop\email.pdf
[2012/03/17 00:07:48 | 073,651,909 | ---- | C] () -- C:\Documents and Settings\ivan_t\My Documents\Delta-Sigma Pictures 2012-03-16.zip
[2012/03/14 20:25:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/03/13 12:28:13 | 000,064,364 | ---- | C] () -- C:\Documents and Settings\ivan_t\Desktop\New Image.PNG
[2012/03/13 12:26:41 | 000,450,180 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Full page photo print.pdf
[2012/03/13 12:24:30 | 000,255,806 | ---- | C] () -- C:\Documents and Settings\ivan_t\Desktop\New Image.TIF
[2012/02/27 04:26:29 | 001,449,285 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-606747145-261478967-839522115-1003-0.dat
[2012/02/27 04:26:27 | 000,367,162 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/26 11:20:20 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/26 11:20:16 | 000,001,882 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2011.lnk
[2012/02/17 16:27:46 | 000,001,490 | ---- | C] () -- C:\Documents and Settings\ivan_t\Start Menu\Programs\Startup\HotSync Manager.lnk
[2012/02/17 16:27:38 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\ivan_t\Desktop\Palm Desktop.lnk
[2012/02/15 06:15:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 06:15:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/03/02 04:16:29 | 001,317,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/05/09 10:25:29 | 000,003,026 | ---- | C] () -- C:\WINDOWS\ADIFMaster.INI
[2010/05/09 05:45:56 | 000,012,892 | ---- | C] () -- C:\WINDOWS\Dxb2007.ini

========== LOP Check ==========

[2008/06/15 05:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\948 Series
[2012/03/12 16:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/04/29 22:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2012/03/27 09:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/20 01:57:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/04/03 02:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/05/24 21:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/09 01:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/11/23 14:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\948 Series
[2012/03/16 23:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\Accellion
[2008/04/05 13:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\DisplayTune
[2012/04/14 07:59:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\Dropbox
[2008/12/25 01:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\GetRightToGo
[2008/04/05 08:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\InterTrust
[2012/03/16 23:43:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\Juniper Networks
[2011/10/08 17:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\Simon Brown, HB9DRV
[2011/07/15 23:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivan_t\Application Data\TrustedQSL
[2012/04/14 08:03:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[1999/04/23 22:22:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=B22B28F61B1BB06723019307F0FAACFC -- C:\RECYCLER\S-1-5-21-606747145-261478967-839522115-1003\Dc79\EXPLORER.EXE

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 05:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/03 22:00:59 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/03 22:00:59 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/03 22:00:59 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/03 22:01:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/03 22:01:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/03 22:01:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/03 22:00:59 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/03 22:00:59 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/03 22:00:59 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/03 22:01:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/03 22:01:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/03 22:01:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 05:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2008/06/17 16:16:14 | 003,463,976 | ---- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 188 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D282699C
< End of report >

OTL Extras logfile created on: 4/14/2012 8:11:36 AM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\ivan_t\Desktop\Antimalware Toolbox
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.34% Memory free
10.83 Gb Paging File | 10.16 Gb Available in Paging File | 93.83% Paging File free
Paging file location(s): C:\pagefile.sys 8192 16384 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 291.99 Gb Total Space | 170.89 Gb Free Space | 58.52% Space Free | Partition Type: NTFS
Drive D: | 6.02 Gb Total Space | 5.98 Gb Free Space | 99.24% Space Free | Partition Type: FAT32
Drive G: | 114.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: XPS420 | User Name: ivan_t | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"7805:TCP" = 7805:TCP:*:Enabled:Ham Radio Deluxe
"7805:UDP" = 7805:UDP:*:Enabled:Ham Radio Deluxe (UDP)
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\WINDOWS\system32\dldfcoms.exe" = C:\WINDOWS\system32\dldfcoms.exe:*:Enabled:Dell Communications System -- ( )
"C:\Program Files\Dell AIO Printer 948\dldfmon.exe" = C:\Program Files\Dell AIO Printer 948\dldfmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\Program Files\Dell AIO Printer 948\dldfaiox.exe" = C:\Program Files\Dell AIO Printer 948\dldfaiox.exe:*:Enabled:AIOC exe -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\dldfjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Dell AIO Printer 948\dldfafcn.exe" = C:\Program Files\Dell AIO Printer 948\dldfafcn.exe:*:Enabled: -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\N1MM logger\N1MM Logger.exe" = C:\Program Files\N1MM logger\N1MM Logger.exe:*:Enabled:N1MM Logger -- ()
"C:\Program Files\Field Day Network 2.5\FldNet.exe" = C:\Program Files\Field Day Network 2.5\FldNet.exe:*:Enabled:FldNet -- ()
"C:\Program Files\Dell AIO Printer 948\DLDFFax.exe" = C:\Program Files\Dell AIO Printer 948\DLDFFax.exe:*:Enabled:Fax Solutions Software -- ()
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Documents and Settings\ivan_t\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\ivan_t\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 30
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{360EDFB0-EAA2-012B-AD16-000000000000}" = TurboTax 2009 wcaiper
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{409ECFF1-9CC7-43A8-B28A-B7F0B7CB04D1}_is1" = Classic Menu 3.x for Office 2007
"{46B63F23-2B4A-4525-A827-688026BE5E40}" = Symantec AntiVirus
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DF979D5-464C-4926-AF73-54C1C219F06A}" = Ham Radio Deluxe
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5B9CF546-8578-42BE-A2CF-A83CA4377C6C}" = Global QSL Graphic Editor
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84288B51-B162-47FB-A74E-25C6D67E44BB}" = EzTune
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{87FF0E39-8490-4EB4-A557-FF12F712EF7E}" = TurboTax 2010 wcaiper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903059D3-1A4D-11D6-8C04-00036D203008}" = DXbase 2003
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C63EC4D-13EE-11DB-88D1-0002E3059FB4}" = DXbase 2007
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F35C750-342D-4738-93D9-7A381A5218DF}" = LogConv
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"Atari Arcade Hits" = Atari Arcade Hits
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"Cool Edit 2000" = Cool Edit 2000
"Dell AIO Printer 948" = Dell AIO Printer 948
"DX Atlas_is1" = DX Atlas 2.25
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EZNEC" = EZNEC
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"IrfanView" = IrfanView (remove only)
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"N1MM logger" = N1MM logger
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 15.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"ST6UNST #1" = Field Day Network 2.5
"TrustedQSL_is1" = TrustedQSL 1.13
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax 2011" = TurboTax 2011
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Ultravnc2_is1" = UltraVnc
"Uninstall Serenade SV 8.5" = Serenade SV 8.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-261478967-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/1/2012 7:25:37 PM | Computer Name = XPS420 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Gen.2 in File: C:\Documents and Settings\ivan_t\Application
Data\Sun\Java\Deployment\cache\6.0\3\1ce1e903-186d8301>>xmltree/erandus.class by:
Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully. Threat Found!Threat: Trojan.Gen.2 in File: C:\Documents and Settings\ivan_t\Application
Data\Sun\Java\Deployment\cache\6.0\3\1ce1e903-186d8301>>xmltree/opkat.class by:
Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully. Threat Found!Threat: in File: C:\Documents and Settings\ivan_t\Application
Data\Sun\Java\Deployment\cache\6.0\3\1ce1e903-186d8301 by: Manual scan. Action:
Quarantine succeeded. Action Description: The file was quarantined successfully.


Error - 4/1/2012 7:25:37 PM | Computer Name = XPS420 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Maljava in File: C:\Documents and Settings\ivan_t\Application
Data\Sun\Java\Deployment\cache\6.0\31\1122219f-40bec8f7>>datas/wall.class by: Manual
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully. Threat Found!Threat: Trojan.Maljava in File: C:\Documents and Settings\ivan_t\Application
Data\Sun\Java\Deployment\cache\6.0\31\1122219f-40bec8f7>>datas/b.class by: Manual
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully. Threat Found!Threat: Trojan.Maljava in File: C:\Documents and Settings\ivan_t\Application
Data\Sun\Java\Deployment\cache\6.0\31\1122219f-40bec8f7>>datas/a.class by: Manual
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully.

Error - 4/1/2012 8:30:01 PM | Computer Name = XPS420 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: in File: C:\Documents and Settings\ivan_t\Application
Data\Sun\Java\Deployment\cache\6.0\31\1122219f-40bec8f7 by: Manual scan. Action:
Quarantine succeeded. Action Description: The file was quarantined successfully.
Threat
Found!Threat: Trojan.Gen.2 in File: C:\Documents and Settings\ivan_t\Application
Data\Sun\Java\Deployment\cache\6.0\46\3d099aae-12888199>>gwhtackueccyqtyy.class
by: Manual scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully. Threat Found!Threat: in File: C:\Documents and Settings\ivan_t\Application
Data\Sun\Java\Deployment\cache\6.0\46\3d099aae-12888199 by: Manual scan. Action:
Quarantine succeeded. Action Description: The file was quarantined successfully.


Error - 4/1/2012 8:58:16 PM | Computer Name = XPS420 | Source = Application Error | ID = 1000
Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
spybotsd.exe, version 1.6.2.46, fault address 0x000049ee.

Error - 4/4/2012 4:59:19 PM | Computer Name = XPS420 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan.FakeAV in File: C:\SYSTEM~1\_RESTO~1\RP1535\A0133542.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was deleted successfully.

Error - 4/4/2012 4:59:19 PM | Computer Name = XPS420 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.FakeAV in File: C:\System Volume Information\_restore{10DCE562-90C9-402F-8F91-F700667B5A00}\RP1535\A0133542.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 4/4/2012 5:00:56 PM | Computer Name = XPS420 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Threat: Trojan.FakeAV in File: C:\SYSTEM~1\_RESTO~1\RP1535\A0133542.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded
: Access denied. Action Description: The file was deleted successfully.

Error - 4/5/2012 12:17:13 AM | Computer Name = XPS420 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/5/2012 5:08:15 AM | Computer Name = XPS420 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

Error - 4/7/2012 6:18:10 PM | Computer Name = XPS420 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

[ OSession Events ]
Error - 1/14/2009 7:07:26 AM | Computer Name = XPS420 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 264209
seconds with 1860 seconds of active time. This session ended with a crash.

Error - 7/5/2009 2:08:09 PM | Computer Name = XPS420 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/5/2009 2:08:18 PM | Computer Name = XPS420 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/7/2012 2:24:36 AM | Computer Name = XPS420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/7/2012 2:24:41 AM | Computer Name = XPS420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/7/2012 2:26:54 AM | Computer Name = XPS420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/7/2012 2:27:12 AM | Computer Name = XPS420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/7/2012 2:28:45 AM | Computer Name = XPS420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/7/2012 3:15:16 AM | Computer Name = XPS420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/7/2012 3:16:11 AM | Computer Name = XPS420 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl Fips intelppm pivot SASDIFSV SASKUTIL SAVRT SAVRTPEL SYMTDI

Error - 4/7/2012 3:32:11 AM | Computer Name = XPS420 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/7/2012 5:59:58 PM | Computer Name = XPS420 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/14/2012 10:44:40 AM | Computer Name = XPS420 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

#7
ivan_t

    New Member

  • Topic Starter
  • Member
  • 6 posts
It looks like I have the "Windows Defender" virus. I think this might be why the machine won't let me run aswMBR.exe.

#8
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi ivan_t,

Step One: Post Combofix log

I see that you have run ComboFix. ComboFix is a powerful tool and it is dangerous to run it without trained supervision. If it is not used properly it could damage your operating system and make your computer unbootable. I'd like to see the results, so please post the ComboFix log in your next reply. It can be found at C:\Combofix.txt.


Step Two: Disable Tea Timer

We'll need to disable Spybot's TeaTimer to make sure it won't interfere with fixes. TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
  • Run Spybot-S&D in Advanced Mode:
    • Open SpyBot S&D by going to Start -> All Programs -> Spybot Search & Destroy -> Spybot Search & Destroy.
    • If prompted with a legal dialog, accept the warning.
    • Go to the Mode menu and select Advanced Mode.
    • If you are presented with a warning dialog, choose Yes.
  • On the left side click Tools.
  • Click on the Resident icon in the list.
  • Uncheck Resident "SDHelper" (Internet Explorer bad download blocker) active.
  • Uncheck Resident "TeaTimer" (Protection of over-all system settings) active.
  • Close/Exit Spybot Search and Destroy.

Step Three: Run TDSSKiller
Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip; click on Continue.

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.



Step Four: Backup Registry with ERUNT

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be extremely dangerous if you do not know exactly what you are doing, so follow the steps that are listed below exactly. If you cannot perform some of these steps or if you have any questions, please ask before proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe


Step Five: OTL Fix

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O1 - Hosts: k1ttt.net # K1TTT
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


What I need in your next post:
1. The combofix log, C:\Combofix.txt.
2. The report produced by TDSSKiller, TDSSKiller.[Version]_[Date]_[Time]_log.txt.
3. The reports produced by OTL.
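
As an added example (not code from this thread or from OTL itself), here is a small Python triage script over the sections of the OTL "Extra" log posted above that a helper reads first: it flags a Security Center Monitoring entry with DisableMonitoring = 1 (the value the :Reg block in the OTL fix resets to 0), lists firewall port exceptions open to any remote address rather than LocalSubNet, and pulls each "Threat Found" item out of the wrapped Symantec event-log entries. The sample log is a constructed excerpt that mirrors lines from the posted log; the regular expressions assume the line layout OTL uses there.

```python
import re

# Constructed excerpt in the OTL "Extra" log format (registry keys in [...],
# values as "name" = value, wrapped "Error - ..." event entries).  It mirrors
# lines from the log posted in this thread but is not that log.
SAMPLE_LOG = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/1/2012 7:25:37 PM | Computer Name = XPS420 | Source = Symantec AntiVirus | ID = 16711685
Description = Threat Found!Threat: Trojan.Gen.2 in File: C:\Documents and Settings\ivan_t\Application
Data\Sun\Java\Deployment\cache\6.0\3\1ce1e903-186d8301>>xmltree/erandus.class by:
Manual scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully.

Error - 4/4/2012 4:59:19 PM | Computer Name = XPS420 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Threat: Trojan.FakeAV in File: C:\SYSTEM~1\_RESTO~1\RP1535\A0133542.exe
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was deleted successfully.
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
EVENT_RE = re.compile(r'^Error - (?P<when>.+?) \| Computer Name = .+? \| Source = (?P<source>.+?) \| ID = \d+$')
THREAT_RE = re.compile(r'Threat: (?P<name>[^ ]*?)\s*in File: (?P<path>.+?) by: (?P<how>[^.]+)\. '
                       r'Action: (?P<action>.+?)\. Action Description:')

def parse_registry(text):
    """Map each [HKEY...] key in the log to its {"name": value} entries."""
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
        elif current:
            m = VALUE_RE.match(line)
            if m:
                keys.setdefault(current, {})[m.group(1)] = m.group(2).strip()
    return keys

def flag_security_center(keys):
    """Flag a per-product Monitoring key with DisableMonitoring = 1 (the value
    the OTL fix above resets to 0) and any *DisableNotify / *Override set to 1."""
    findings = []
    for key, values in keys.items():
        if '\\Security Center\\Monitoring\\' in key:
            if values.get('DisableMonitoring') == '1':
                findings.append('monitoring disabled for ' + key.rsplit('\\', 1)[-1])
        elif key.endswith('\\Security Center'):
            for name, value in values.items():
                if value == '1' and name.endswith(('DisableNotify', 'Override')):
                    findings.append(name + ' = 1')
    return findings

def flag_firewall(keys):
    """List enabled port exceptions scoped to '*' (any remote address) rather
    than LocalSubNet; entries have the form port:proto:scope:state:description."""
    findings = []
    for key, values in keys.items():
        if not key.endswith('\\GloballyOpenPorts\\List'):
            continue
        m = re.search(r'FirewallPolicy\\(\w+)\\', key)
        profile = m.group(1) if m else '?'
        for name, raw in values.items():
            parts = raw.split(':')
            if len(parts) >= 4 and parts[2] == '*' and parts[3] == 'Enabled':
                findings.append((profile, name, ':'.join(parts[4:])))
    return findings

def parse_threat_events(text):
    """One record per 'Threat: ... in File: ...' item in Symantec event entries,
    after rejoining the description lines that OTL wraps."""
    found = []
    for chunk in re.split(r'^(?=Error - )', text, flags=re.M)[1:]:
        head, _, rest = chunk.partition('\n')
        m = EVENT_RE.match(head)
        if not m or m.group('source') != 'Symantec AntiVirus':
            continue
        desc = ' '.join(rest.split('\n\n', 1)[0].split())  # body ends at the first blank line
        for t in THREAT_RE.finditer(desc):
            found.append({'when': m.group('when'), 'threat': t.group('name') or '(unnamed)',
                          'path': t.group('path'), 'action': t.group('action')})
    return found

def triage(text):
    """Summarise the three log sections a helper reads first in this thread."""
    keys = parse_registry(text)
    return {'security_center': flag_security_center(keys),
            'firewall_any_scope': flag_firewall(keys), 'threats': parse_threat_events(text)}

if __name__ == '__main__':
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print('  ', item)
```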

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.