OTL logfile created on: 3/31/2012 11:04:03 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.50 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 58.53% Memory free
2.83 Gb Paging File | 2.04 Gb Available in Paging File | 71.93% Paging File free
Paging file location(s): C:\pagefile.sys 500 800 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 29.95 Gb Free Space | 40.23% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 931.51 Gb Total Space | 866.15 Gb Free Space | 92.98% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 866.15 Gb Free Space | 92.98% Space Free | Partition Type: NTFS
Drive H: | 1862.98 Gb Total Space | 1772.95 Gb Free Space | 95.17% Space Free | Partition Type: NTFS
Computer Name: DJB7QB1-CDS | User Name: cds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/03/31 22:56:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\OTL.exe PRC - [2012/03/17 11:32:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/03/06 04:38:05 | 026,067,683 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\einstein.phys.uwm.edu\einstein_S6LV1_1.10_windows_intelx86__SSE2.exe PRC - [2012/03/02 11:09:08 | 008,247,278 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4_1.22_windows_intelx86__BRP4cuda32.exe PRC - [2011/12/07 21:31:28 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2011/08/24 15:57:48 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe PRC - [2011/08/24 15:48:02 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe PRC - [2011/08/24 15:42:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe PRC - [2011/07/28 18:58:54 | 004,514,992 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe PRC - [2011/07/28 18:58:50 | 000,070,832 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe PRC - [2011/07/28 18:58:48 | 000,902,320 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe PRC - [2009/12/16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) 
-- C:\WINDOWS\system32\NLSSRV32.EXE PRC - [2009/07/29 13:34:48 | 007,320,872 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe PRC - [2008/11/05 12:51:28 | 000,203,965 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\always-on-top.exe PRC - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe PRC - [2008/07/24 15:22:12 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2001/10/04 10:41:00 | 000,035,328 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/03/31 02:07:24 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll MOD - [2012/03/17 11:32:49 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012/03/06 04:38:05 | 026,067,683 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\einstein.phys.uwm.edu\einstein_S6LV1_1.10_windows_intelx86__SSE2.exe MOD - [2012/03/02 11:09:08 | 008,247,278 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BOINC\projects\einstein.phys.uwm.edu\einsteinbinary_BRP4_1.22_windows_intelx86__BRP4cuda32.exe MOD - [2012/02/16 20:25:16 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll MOD - [2012/02/16 20:25:16 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll MOD - [2012/02/16 20:25:14 | 000,627,200 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll MOD - [2012/02/16 20:25:11 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll MOD - [2012/02/16 20:16:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll MOD - [2012/02/16 20:16:12 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll MOD - [2012/02/16 20:15:53 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll MOD - [2012/02/16 20:13:45 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll MOD - [2012/02/16 20:06:08 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012/02/16 20:05:53 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll MOD - [2012/02/16 20:05:51 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2011/10/17 13:13:39 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011/07/05 12:14:54 | 000,081,920 | ---- | M] () -- C:\Program Files\BOINC\zlib1.dll MOD - [2008/11/05 12:51:28 | 000,203,965 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\always-on-top.exe MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008/04/13 20:11:51 | 
000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2007/12/07 13:36:34 | 001,953,792 | ---- | M] () -- C:\Program Files\Ipswitch\WS_FTP Professional\res0409.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- C:\Program Files\Prosoft\Prosoft Data Backup PC3\psService.exe -- (psService) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012/03/31 02:10:41 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/08/24 15:57:48 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service) SRV - [2011/08/24 15:48:02 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service) SRV - [2010/05/20 16:06:30 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe -- (HPWJAService) SRV - [2009/12/16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc) SRV - [2009/07/29 06:42:14 | 000,083,240 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost) SRV - [2009/01/08 13:16:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009/01/07 20:41:46 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe) SRV - [2005/09/23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\vprjee.sys -- (oiaodjt) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2011/09/21 11:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135) DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2009/10/20 19:00:10 | 
000,089,680 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec8.sys -- (TotRec8) DRV - [2009/10/20 19:00:04 | 000,130,640 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec7.sys -- (TotRec7) DRV - [2008/02/01 16:17:12 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2008/02/01 16:17:06 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006/05/25 15:40:00 | 001,156,808 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2001/10/02 10:41:00 | 000,067,441 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2) DRV - [2001/10/02 10:41:00 | 000,050,433 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2) DRV - [2001/10/02 10:41:00 | 000,005,841 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2) DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wiseacres.dynalias.com:8080/ IE - 
HKCU\..\SearchScopes,DefaultScope = {406BA193-4FE4-44F8-8CED-43358BE34956} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{1892F1F1-2F54-42C5-AACD-99145256D902}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKCU\..\SearchScopes\{406BA193-4FE4-44F8-8CED-43358BE34956}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\VWPT: "URL" = http://search.viewpoint.com/pl/search?tab=1&k={searchTerms}&addr=1&query=vb=1%26tn%3D0%26addr%3D1%26type%3Drel39%5fxp%26instid%3DViewpointV39%5fxp IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://news.yahoo.com/" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll () FF - HKLM\Software\MozillaPlugins\@alternatiff.com/AlternaTIFF: C:\Program Files\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 11:33:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9BDF097C-7840-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\{9BDF097C-7840-11E1-826D-B8AC6F996F26}\ [2012/03/27 15:11:15 | 000,000,000 | ---D | M] [2011/06/26 19:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Mozilla\Extensions [2012/03/27 09:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Mozilla\Firefox\Profiles\3y5tqzhs.default\extensions [2012/03/22 23:20:05 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Mozilla\Firefox\Profiles\3y5tqzhs.default\extensions\inspector@mozilla.org [2012/01/02 14:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/03/06 15:54:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\{902D2C4A-457A-4EF9-AD43-7014562929FF}.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOCUMENTS AND 
SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\BOOKMARKFAVICONCHANGER@SONTHAKIT.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\CLOSEOTHERTABS@FLORIAN-VOLK.NET.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\OLDFACTORY_OPTIONS@WWW.THEME-OASIS.ORG.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\SNAPLINKS@SNAPLINKS.MOZDEV.ORG.XPI () (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\ZOOMPAGE@DW-DEV.XPI [2012/03/27 15:11:15 | 000,000,000 | ---D | M] (Translate This!) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\LOCAL SETTINGS\APPLICATION DATA\{9BDF097C-7840-11E1-826D-B8AC6F996F26} [2012/03/17 11:33:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/08 20:30:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/03/31 10:39:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet 
Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4 - HKLM..\Run: [Display] C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric) O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. ) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC) O4 - HKCU..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\always-on-top.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SubstG.lnk = C:\WINDOWS\system32\cmd.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program 
Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O15 - HKCU\..Trusted Domains: fastenal.com ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: marriott.com ([www] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: solidworks.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites) O15 - HKCU\..Trusted Ranges: Range2 ([https] in Trusted sites) O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.0.cab (AlternaTIFF ActiveX) O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} http://pacificbearing.sp02.partcommunity.com/PARTcommunity/portal/all/cnsViewer3D/cnsweb3d.cab (PARTsolutions 3D Web Viewer) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} 
http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab (EModelNonVersionSpecificViewControl Class) O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} http://www.immdesign.com/webview/IPAWebView.cab (Ipa Control) O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231364466602 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231364521836 (MUWebControl Class) O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} http://wiseacres.dynalias.com:8080/Ctl/WinWebPush.cab (WebWatch Class) O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202002/AcDcToday.ocx (AcDcToday Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstBanr.ocx (NOXLATE-BANR) O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstFred.ocx (InstaFred) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://zcorpevents.webex.com/client/T27L/webex/ieatgpc.cab (GpcContainer Class) O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/AcPreview.ocx (AcPreview Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEFFEA56-3C42-423E-B553-D7A2DACC5DAA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEFFEA56-3C42-423E-B553-D7A2DACC5DAA}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/19 21:37:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/16 15:03:24 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2008/02/15 16:11:36 | 000,000,052 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 22:41:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup (Disabled by Starter)
[2012/03/31 10:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan
[2012/03/31 10:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/31 09:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/31 09:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/03/31 09:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\TestApp
[2012/03/27 15:11:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\{9BDF097C-7840-11E1-826D-B8AC6F996F26}
[2012/03/06 16:11:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\.gimp-2.7
[2012/03/06 16:11:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\gegl-0.1
[2012/03/06 16:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2.7
[2012/03/06 15:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/06 15:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/03/05 12:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Inkscape
[2012/03/03 14:34:55 | 000,000,000 | ---D | C] -- C:\APCPowerChuteConfig
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/31 23:09:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/31 22:49:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/31 22:49:32 | 2681,892,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/31 22:45:57 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/31 22:44:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/31 18:28:00 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dd5f8d9b-553c-4873-8acd-6f5e21a44d4d.job
[2012/03/31 11:55:16 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/31 10:39:29 | 000,003,276 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2012/03/31 10:00:56 | 000,662,599 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/31 09:57:55 | 000,001,455 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\sdsetup.exe.lnk
[2012/03/31 04:44:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/29 17:41:22 | 000,258,482 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\recently-used.xbel
[2012/03/28 20:36:48 | 000,218,514 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\RevisionEA.pdf
[2012/03/28 20:13:48 | 000,062,031 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\conantcover.pdf
[2012/03/28 19:10:04 | 000,455,481 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DSCF1899.JPG
[2012/03/28 19:09:58 | 000,459,124 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DSCF1898.JPG
[2012/03/25 17:17:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-776561741-839522115-1007.job
[2012/03/23 19:34:23 | 000,460,412 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\keplersolver.pdf
[2012/03/18 19:18:19 | 000,116,907 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Pal2002a.pdf
[2012/03/16 01:11:39 | 000,000,977 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\arrowhead.xcf
[2012/03/15 18:15:29 | 000,082,661 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\test.pdf
[2012/03/15 16:10:24 | 000,439,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 15:58:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/15 14:13:00 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2009 SP4.1.lnk
[2012/03/12 13:41:24 | 000,036,028 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\boincgoof.tif
[2012/03/12 00:00:27 | 000,491,408 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 00:00:26 | 000,090,300 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/11 23:06:35 | 000,269,294 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\wolfftrig.pdf
[2012/03/06 17:22:21 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/03/06 17:22:21 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2012/03/06 15:53:59 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/05 13:03:40 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2012/03/05 13:03:40 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/31 22:05:16 | 2681,892,864 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/31 11:55:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/31 10:12:25 | 000,003,276 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2012/03/31 10:00:49 | 000,662,599 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/31 09:57:55 | 000,001,455 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\sdsetup.exe.lnk
[2012/03/31 02:07:29 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/29 17:41:22 | 000,258,482 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\recently-used.xbel
[2012/03/28 20:36:46 | 000,218,514 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\RevisionEA.pdf
[2012/03/28 20:13:48 | 000,062,031 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\conantcover.pdf
[2012/03/28 20:10:58 | 000,459,124 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DSCF1898.JPG
[2012/03/28 20:10:56 | 000,455,481 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DSCF1899.JPG
[2012/03/23 19:34:22 | 000,460,412 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\keplersolver.pdf
[2012/03/18 19:18:18 | 000,116,907 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Pal2002a.pdf
[2012/03/16 01:11:39 | 000,000,977 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\arrowhead.xcf
[2012/03/15 18:15:29 | 000,082,661 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\test.pdf
[2012/03/12 13:41:24 | 000,036,028 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\boincgoof.tif
[2012/03/11 23:06:35 | 000,269,294 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\wolfftrig.pdf
[2012/03/06 17:22:21 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP 2.lnk
[2012/03/06 17:22:21 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2012/03/06 16:10:31 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/03/06 15:53:59 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/05 13:03:59 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Inkscape.lnk
[2012/03/05 13:03:40 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2012/03/05 13:03:40 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Inkscape.lnk
[2012/02/15 02:15:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/06 16:58:07 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/01/19 16:08:27 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\.ptbt1
[2011/12/07 03:40:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/07 03:40:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/07 03:40:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/07 03:40:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/07 03:40:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/10 16:53:26 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011/06/26 19:37:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/23 21:04:27 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/23 21:04:25 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/23 21:04:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/23 21:04:01 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/12/15 16:55:15 | 000,393,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/22 13:30:39 | 000,000,135 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2010/07/29 18:54:47 | 000,000,536 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

========== LOP Check ==========

[2009/01/07 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Actify
[2010/01/21 11:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/03/31 22:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/31 22:54:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2009/01/13 17:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2010/06/01 11:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Huggle
[2010/02/12 01:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/07/27 12:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prosoft
[2012/03/31 09:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/03/31 02:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/07/27 09:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/12/04 16:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Autodesk
[2009/12/04 16:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\cadenas
[2010/02/13 15:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2010/01/08 03:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\DassaultSystemes
[2010/02/12 01:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Downloaded Installations
[2009/12/04 16:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\DWGeditor
[2010/01/13 16:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\EDrawings
[2011/12/06 23:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\ElevatedDiagnostics
[2012/03/06 16:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\gtk-2.0
[2012/03/31 22:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\IM
[2010/08/30 14:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\inkscape
[2009/12/04 16:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\IrfanView
[2010/02/12 02:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Nitro PDF
[2009/12/04 16:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\PC-FAX TX
[2010/02/13 13:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Salehoo
[2009/12/04 16:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Scooter Software
[2009/12/04 13:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\sldIM
[2012/03/31 09:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\TestApp
[2010/02/23 13:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\TotalRecorder
[2012/03/31 18:28:00 | 000,000,546 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dd5f8d9b-553c-4873-8acd-6f5e21a44d4d.job

========== Purity Check ==========

< End of report >