Unsure if browser hijack cleared properly [Solved]


#16 Cstaffa (Topic Starter, Member, 32 posts)

OTL log:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9BDF097C-7840-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\{9BDF097C-7840-11E1-826D-B8AC6F996F26}\ not found.
C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\LOCAL SETTINGS\APPLICATION DATA\{9BDF097C-7840-11E1-826D-B8AC6F996F26}\chrome\content folder moved successfully.
C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\LOCAL SETTINGS\APPLICATION DATA\{9BDF097C-7840-11E1-826D-B8AC6F996F26}\chrome folder moved successfully.
C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\LOCAL SETTINGS\APPLICATION DATA\{9BDF097C-7840-11E1-826D-B8AC6F996F26} folder moved successfully.
========== REGISTRY ==========
========== FILES ==========
File\Folder c:\documents and settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\{9BDF097C-7840-11E1-826D-B8AC6F996F26} not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\cmd.bat deleted successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: cds.DJB7QB1-CDS.000
->Temp folder emptied: 1328000 bytes
->Temporary Internet Files folder emptied: 3349139 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 90563612 bytes
->Flash cache emptied: 885 bytes

User: cds.NPA
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: CDSDJB~1~000

User: CURRENT_USER.NPA

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ILEA Design
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83352 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 85565 bytes

Total Files Cleaned = 91.00 mb


[EMPTYFLASH]

User: All Users

User: cds.DJB7QB1-CDS.000
->Flash cache emptied: 0 bytes

User: cds.NPA
->Flash cache emptied: 0 bytes

User: CDSDJB~1~000

User: CURRENT_USER.NPA

User: Default User
->Flash cache emptied: 0 bytes

User: ILEA Design

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: cds.DJB7QB1-CDS.000
->Java cache emptied: 0 bytes

User: cds.NPA

User: CDSDJB~1~000

User: CURRENT_USER.NPA

User: Default User

User: ILEA Design
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04072012_114025

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#17 Cstaffa (Topic Starter, Member, 32 posts)

After running the OTL, I began updating my Firefox plugins. I reinstalled Java 6 and the new version of Silverlight. I installed the new version of RealPlayer and have been having trouble with its plugins. I kept seeing a RealJukeBox NS plugin which isn't recognized by Mozilla's plugin check (It shows as "Unknown plugin"). Oddly, this showed in the plugin check, but not in the Add-ons manager under Plugins.
I tried contacting RealMedia support who weren't much help. I last installed RealPlayer from a distribution that RealMedia support sent me. After a reboot or two, I got FIVE RealMedia plugins:

RealJukeBox NS Plugin
RealNetworks™ Chrome Background Extension Plug-In (32-bit)
RealPlayer Version Plugin
RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)
RealPlayer™ HTMLVideoShim Plug-In (32-bit)

At least these all showed up in the Add-ons Manager, with only a Disable button for each. I followed the directions at Mozilla and renamed the five dll's. The Add-ons manager now shows for each plugin four buttons: Options, Enable, Disable, and Remove. I tried Remove for all five and restarted Firefox, but they still appear in the Add-ons Manager, though they show as disabled.

I don't know whether to think that this is just RealMedia not playing at all nicely with Firefox, or whether something else is involved.

#18 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Hi!

It sounds like it's just Firefox not wanting to play nice with things.

I'm not sure I follow what you're trying to do with those plugins related to RealPlayer.

Please run these scans for me:

Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.60.1.1000) and save it to your desktop.
Download Link 1
Download Link 2

Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#19 Cstaffa (Topic Starter, Member, 32 posts)

If these show that this computer is now fairly clean, I would like to reinstall SuperAntiSpyware on it.

Mbam log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.08.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
cds :: DJB7QB1-CDS [administrator]

4/8/2012 12:15:25 PM
mbam-log-2012-04-08 (12-15-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245740
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET scan log:

C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.zip multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix.exe multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\Process.exe Win32/PrcView application
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\SmitfraudFix.zip multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DNS Trojan\SmitfraudFix.exe multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\Process.exe Win32/PrcView application
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\SmitfraudFix.zip multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Downloads\SmitfraudFix.exe multiple threats
C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix.zip multiple threats
C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix\Process.exe Win32/PrcView application
C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\Qoobox\Quarantine\C\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\jcw.exe.vir a variant of Win32/Kryptik.XGJ trojan
C:\System Volume Information\_restore{DA09BF5B-8547-4AEC-82B8-87CC12889765}\RP1106\A0115783.exe multiple threats
C:\System Volume Information\_restore{DA09BF5B-8547-4AEC-82B8-87CC12889765}\RP1106\A0115806.exe Win32/PrcView application
C:\System Volume Information\_restore{DA09BF5B-8547-4AEC-82B8-87CC12889765}\RP1106\A0115809.exe Win32/Shutdown.NAA application
C:\System Volume Information\_restore{DA09BF5B-8547-4AEC-82B8-87CC12889765}\RP1106\A0115822.exe Win32/PrcView application
C:\TDSSKiller_Quarantine\07.12.2011_03.23.36\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan
F:\GCopy\Software\SmitfraudFix.exe multiple threats
F:\GCopy\Software\SmitfraudFix\Process.exe Win32/PrcView application
F:\GCopy\Software\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
F:\Old Users\cds.DJB7QB1-CDS\Desktop\SmitfraudFix.zip multiple threats
F:\Old Users\cds.NPA0\Desktop\SmitfraudFix.zip multiple threats
F:\Old Users\cds.NPA0\Desktop\SmitfraudFix\Process.exe Win32/PrcView application
F:\Old Users\cds.NPA0\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
G:\Software\SmitfraudFix.exe multiple threats
G:\Software\SmitfraudFix\Process.exe Win32/PrcView application
G:\Software\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
H:\cds.DJB7QB1-CDS.000\Application Data\Sun\Java\Deployment\cache\6.0\39\58ec35a7-2e1dad05 a variant of Java/Exploit.CVE-2010-4452.A trojan
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.zip multiple threats
H:\cds.DJB7QB1-CDS.000\Desktop\DNS Trojan\SmitfraudFix.exe multiple threats
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\Process.exe Win32/PrcView application
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\SmitfraudFix.zip multiple threats

Security Check output:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Pro Antivirus
ESET Online Scanner v3
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Flash Player 11.2.202.228
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

Security Check with Avast shields on:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Pro Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Flash Player 11.2.202.228
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

#20 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Hi Cstaffa!

Apologies for not responding back to you yesterday, I was a bit under the weather and spent the entire day in bed.

Please re-install SuperAntiSpyware after you proceed with the OTL fix a little later in this post.

These threat(s) below are currently in Quarantine/System Restore and shall be removed when we clean up our tools later on.

C:\Qoobox\Quarantine\C\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\jcw.exe.vir a variant of Win32/Kryptik.XGJ trojan
C:\System Volume Information\_restore{DA09BF5B-8547-4AEC-82B8-87CC12889765}\RP1106\A0115783.exe multiple threats
C:\System Volume Information\_restore{DA09BF5B-8547-4AEC-82B8-87CC12889765}\RP1106\A0115806.exe Win32/PrcView application
C:\System Volume Information\_restore{DA09BF5B-8547-4AEC-82B8-87CC12889765}\RP1106\A0115809.exe Win32/Shutdown.NAA application
C:\System Volume Information\_restore{DA09BF5B-8547-4AEC-82B8-87CC12889765}\RP1106\A0115822.exe Win32/PrcView application
C:\TDSSKiller_Quarantine\07.12.2011_03.23.36\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan


These threat(s) below will be removed very shortly:

C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.zip multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix.exe multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\Process.exe Win32/PrcView application
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\SmitfraudFix.zip multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DNS Trojan\SmitfraudFix.exe multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\Process.exe Win32/PrcView application
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\SmitfraudFix.zip multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Downloads\SmitfraudFix.exe multiple threats
C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix.zip multiple threats
C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix\Process.exe Win32/PrcView application
C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
F:\GCopy\Software\SmitfraudFix.exe
F:\GCopy\Software\SmitfraudFix\Process.exe Win32/PrcView application
F:\GCopy\Software\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
F:\Old Users\cds.DJB7QB1-CDS\Desktop\SmitfraudFix.zip multiple threats
F:\Old Users\cds.NPA0\Desktop\SmitfraudFix.zip multiple threats
F:\Old Users\cds.NPA0\Desktop\SmitfraudFix\Process.exe Win32/PrcView application
F:\Old Users\cds.NPA0\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
G:\Software\SmitfraudFix.exe multiple threats
G:\Software\SmitfraudFix\Process.exe Win32/PrcView application
G:\Software\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
H:\cds.DJB7QB1-CDS.000\Application Data\Sun\Java\Deployment\cache\6.0\39\58ec35a7-2e1dad05 a variant of Java/Exploit.CVE-2010-4452.A trojan
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.zip multiple threats
H:\cds.DJB7QB1-CDS.000\Desktop\DNS Trojan\SmitfraudFix.exe multiple threats
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\Process.exe Win32/PrcView application
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\SmitfraudFix.zip multiple threats
C:\TDSSKiller_Quarantine\07.12.2011_03.23.36\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan


____________________________________________________

From the looks of your SecurityCheck log, I can see that we have some outdated programs that need to be updated.

Let's address those programs that need updating now!

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u3-windows-i586-s.exe (or jre-7u3-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT


OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.zip
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix.exe
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\Process.exe
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\restart.exe
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DNS Trojan\SmitfraudFix.exe
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\Process.exe
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\restart.exe
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Downloads\SmitfraudFix.exe
    C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix.zip
    C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix\Process.exe
    C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix\restart.exe
    C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix\
    F:\GCopy\Software\SmitfraudFix.exe
    F:\GCopy\Software\SmitfraudFix\Process.exe
    F:\GCopy\Software\SmitfraudFix\
    F:\GCopy\Software\SmitfraudFix\restart.exe
    F:\Old Users\cds.DJB7QB1-CDS\Desktop\SmitfraudFix.zip
    F:\Old Users\cds.NPA0\Desktop\SmitfraudFix.zip
    F:\Old Users\cds.NPA0\Desktop\SmitfraudFix\Process.exe
    F:\Old Users\cds.NPA0\Desktop\SmitfraudFix\restart.exe
    F:\Old Users\cds.NPA0\Desktop\SmitfraudFix\
    G:\Software\SmitfraudFix.exe
    G:\Software\SmitfraudFix\Process.exe
    G:\Software\SmitfraudFix\restart.exe
    G:\Software\SmitfraudFix\
    H:\cds.DJB7QB1-CDS.000\Application Data\Sun\Java\Deployment\cache\6.0\39\58ec35a7-2e1dad05
    H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.zip
    H:\cds.DJB7QB1-CDS.000\Desktop\DNS Trojan\SmitfraudFix.exe
    H:\cds.DJB7QB1-CDS.000\Desktop\DNS Trojan\
    H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\Process.exe
    H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\restart.exe
    H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\SmitfraudFix.zip
    H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\
    C:\TDSSKiller_Quarantine\
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %systemroot%\*. /rp /s
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?
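The sort SweetTech does by hand above (hits sitting in System Restore or a quarantine folder versus files still to be removed) as an added Python example; it is not code from the thread, ESET or OTL. The sample lines are copied from the ESET log posted above; the quarantine folder prefixes and the G: to F:\GCopy drive mapping (which the poster mentions later in the thread) are assumptions drawn from the thread.

```python
"""Triage ESET Online Scanner result lines into quarantined vs. live detections.

Added example for this thread, not part of ESET or OTL. Each ESET line has the
form "<path> <detection wording>", where the path may contain spaces, so the
split is done by anchoring on ESET's own trailing wording.
"""
import re

# Constructed sample: a subset of the ESET lines quoted in the thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.zip multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DNS Trojan\SmitfraudFix.exe multiple threats
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\Process.exe Win32/PrcView application
C:\Qoobox\Quarantine\C\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\jcw.exe.vir a variant of Win32/Kryptik.XGJ trojan
C:\System Volume Information\_restore{DA09BF5B-8547-4AEC-82B8-87CC12889765}\RP1106\A0115783.exe multiple threats
C:\TDSSKiller_Quarantine\07.12.2011_03.23.36\rtkt0000\svc0000\tsk0000.dta Win32/Agent.SUC.Gen trojan
F:\GCopy\Software\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
G:\Software\SmitfraudFix\restart.exe Win32/Shutdown.NAA application
H:\cds.DJB7QB1-CDS.000\Application Data\Sun\Java\Deployment\cache\6.0\39\58ec35a7-2e1dad05 a variant of Java/Exploit.CVE-2010-4452.A trojan
"""

# Path is matched non-greedily, so the shortest path that leaves a valid
# detection phrase at the end of the line wins; "Desktop\DNS Trojan\..." in a
# path cannot be mistaken for the trailing word "trojan" because of the "$".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>multiple threats|(?:a variant of )?\S+ (?:application|trojan))$"
)

# Assumption from the thread: these locations hold already-neutralised copies
# (System Restore snapshots, the ComboFix Qoobox quarantine, TDSSKiller quarantine).
QUARANTINE_PREFIXES = (
    r"C:\System Volume Information\_restore",
    r"C:\Qoobox\Quarantine",
    r"C:\TDSSKiller_Quarantine",
)

# Assumption from the poster's note that G: is a logical drive mapped to F:\GCopy.
DRIVE_ALIASES = {"G:\\": "F:\\GCopy\\"}


def parse_line(line):
    """Split one ESET result line into (path, detection); None for non-result lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("path"), m.group("detection")) if m else None


def severity(detection):
    """Bucket ESET's wording: trojan > multiple threats > application (dual-use tool)."""
    if detection.endswith("trojan"):
        return "trojan"
    if detection == "multiple threats":
        return "multiple"
    return "application"


def canonical_path(path):
    """Normalise case and resolve the mapped drive so G:\\... and F:\\GCopy\\... compare equal."""
    for alias, target in DRIVE_ALIASES.items():
        if path.upper().startswith(alias.upper()):
            path = target + path[len(alias):]
    return path.lower()


def is_quarantined(path):
    """True when the hit lives under a restore point or a cleanup tool's quarantine."""
    low = path.lower()
    return any(low.startswith(prefix.lower()) for prefix in QUARANTINE_PREFIXES)


def triage(log_text):
    """Return {'quarantined': [...], 'live': [...], 'duplicates': [...]}, worst first."""
    seen = set()
    result = {"quarantined": [], "live": [], "duplicates": []}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        path, detection = parsed
        key = canonical_path(path)
        if key in seen:                      # same file seen through the mapped drive
            result["duplicates"].append(path)
            continue
        seen.add(key)
        bucket = "quarantined" if is_quarantined(path) else "live"
        result[bucket].append((severity(detection), path, detection))
    order = {"trojan": 0, "multiple": 1, "application": 2}
    for bucket in ("quarantined", "live"):
        result[bucket].sort(key=lambda item: order[item[0]])   # stable: keeps log order within a tier
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for bucket in ("quarantined", "live"):
        print(f"== {bucket} ({len(report[bucket])}) ==")
        for sev, path, det in report[bucket]:
            print(f"[{sev:11}] {path}  <-  {det}")
    print("== dropped as mapped-drive duplicates ==")
    for path in report["duplicates"]:
        print(path)
```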

#21 Cstaffa (Topic Starter, Member, 32 posts)

I am sorry to hear that you haven't been well. I do hope that your rest was beneficial and that you will feel better soon.


1. Java Update


I uninstalled Java 6 from Add or Remove Programs. I fumbled in that I started the uninstall before the download of the Java 7 offline installer was complete, so I aborted the uninstall and restarted it after the download finished.

I noticed an odd behavior downloading the installer. It is listed as 19.38MB and the file on my desktop shows 19.3 MB. When downloading it, the process went normally until about 18.4 MB, when it suddenly jumped to 19.3 and complete.

After the download finished, I shut Firefox and uninstalled Java 6. After that, I noted that its plugins still showed up in the Firefox Add-ons Manager, though disabled. I clicked the Remove button for each and shut Firefox again.

I now see that I neglected to reboot after uninstalling Java 6. On running the Java 7 install, I got an error only a few seconds after the intro screen, "The wizard was interrupted before...". Suspecting that this was due to a faulty download, I tried the download again, and got the same odd download behavior. I then switched from Firefox to IE and again, it jumped over the last megabyte.

I rebooted the machine and tried running the installer again. It ran through, and I did not see any options such as the install of McAfee Security Scan Plus or any Toolbar.

Since I did not trust the install due to the odd download behavior noted above, I downloaded the installer on my Nokia N800 Internet Tablet. It downloaded with no surprises, stepping through each .1 MB up to 19.3. I uninstalled Java 7 with Add/Remove Programs and reinstalled with the new download. I probably did not reboot after the uninstall, but the installer again finished without error, and again without any options for additional software.

I did turn off JQS as instructed.

2. OTL Fix

Please note that G: is a logical drive mapped to F:\Gcopy and thus these were not separate instances of SmitFraudFix.

OTL Fix log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.zip moved successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix.exe moved successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\Process.exe moved successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix\restart.exe moved successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\SmitfraudFix folder moved successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DNS Trojan\SmitfraudFix.exe moved successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\Process.exe moved successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\restart.exe moved successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix folder moved successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Downloads\SmitfraudFix.exe moved successfully.
C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix.zip moved successfully.
C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix\Process.exe moved successfully.
C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix\restart.exe moved successfully.
C:\Documents and Settings\cds.NPA\Desktop\SmitfraudFix folder moved successfully.
F:\GCopy\Software\SmitfraudFix.exe moved successfully.
F:\GCopy\Software\SmitfraudFix\Process.exe moved successfully.
F:\GCopy\Software\SmitfraudFix folder moved successfully.
File\Folder F:\GCopy\Software\SmitfraudFix\restart.exe not found.
F:\Old Users\cds.DJB7QB1-CDS\Desktop\SmitfraudFix.zip moved successfully.
F:\Old Users\cds.NPA0\Desktop\SmitfraudFix.zip moved successfully.
F:\Old Users\cds.NPA0\Desktop\SmitfraudFix\Process.exe moved successfully.
F:\Old Users\cds.NPA0\Desktop\SmitfraudFix\restart.exe moved successfully.
F:\Old Users\cds.NPA0\Desktop\SmitfraudFix folder moved successfully.
File\Folder G:\Software\SmitfraudFix.exe not found.
File\Folder G:\Software\SmitfraudFix\Process.exe not found.
File\Folder G:\Software\SmitfraudFix\restart.exe not found.
Folder G:\Software\SmitfraudFix not found.
H:\cds.DJB7QB1-CDS.000\Application Data\Sun\Java\Deployment\cache\6.0\39\58ec35a7-2e1dad05 moved successfully.
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix.zip moved successfully.
H:\cds.DJB7QB1-CDS.000\Desktop\DNS Trojan\SmitfraudFix.exe moved successfully.
H:\cds.DJB7QB1-CDS.000\Desktop\DNS Trojan folder moved successfully.
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\Process.exe moved successfully.
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\restart.exe moved successfully.
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix\SmitfraudFix.zip moved successfully.
H:\cds.DJB7QB1-CDS.000\Desktop\SmitfraudFix folder moved successfully.
C:\TDSSKiller_Quarantine\07.12.2011_03.23.36\rtkt0000\svc0000 folder moved successfully.
C:\TDSSKiller_Quarantine\07.12.2011_03.23.36\rtkt0000 folder moved successfully.
C:\TDSSKiller_Quarantine\07.12.2011_03.23.36 folder moved successfully.
C:\TDSSKiller_Quarantine folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\cmd.bat deleted successfully.
C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: cds.DJB7QB1-CDS.000
->Temp folder emptied: 137977365 bytes
->Temporary Internet Files folder emptied: 35645713 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 171692041 bytes
->Flash cache emptied: 1643 bytes

User: cds.NPA
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: CDSDJB~1~000

User: CURRENT_USER.NPA

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ILEA Design
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 141570 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 203917196 bytes

Total Files Cleaned = 524.00 mb


[EMPTYFLASH]

User: All Users

User: cds.DJB7QB1-CDS.000
->Flash cache emptied: 0 bytes

User: cds.NPA
->Flash cache emptied: 0 bytes

User: CDSDJB~1~000

User: CURRENT_USER.NPA

User: Default User
->Flash cache emptied: 0 bytes

User: ILEA Design

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04102012_153353

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

3. OTL Quick Scan

OTL logfile created on: 4/10/2012 03:54:02 PM - Run 6
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 73.85% Memory free
2.83 Gb Paging File | 2.37 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): C:\pagefile.sys 500 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 29.86 Gb Free Space | 40.11% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 931.51 Gb Total Space | 865.94 Gb Free Space | 92.96% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 865.94 Gb Free Space | 92.96% Space Free | Partition Type: NTFS
Drive H: | 1862.98 Gb Total Space | 1772.83 Gb Free Space | 95.16% Space Free | Partition Type: NTFS

Computer Name: DJB7QB1-CDS | User Name: cds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 14:54:32 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/04/04 06:01:08 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\OTL.exe
PRC - [2012/03/17 11:32:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/08/24 15:57:48 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2011/08/24 15:48:02 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2011/08/24 15:42:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2011/07/28 18:58:50 | 000,070,832 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2009/12/16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\NLSSRV32.EXE
PRC - [2009/07/29 13:34:48 | 007,320,872 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
PRC - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 15:22:12 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/04 10:41:00 | 000,035,328 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


========== Modules (No Company Name) ==========

MOD - [2012/04/10 12:07:23 | 001,755,136 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12041002\algo.dll
MOD - [2012/03/31 02:07:24 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/17 11:32:49 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 20:25:16 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
MOD - [2012/02/16 20:25:16 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/16 20:25:14 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
MOD - [2012/02/16 20:25:11 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/02/16 20:16:34 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/16 20:16:12 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/16 20:15:53 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/16 20:13:45 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/16 20:06:08 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/02/16 20:05:53 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/16 20:05:51 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/17 13:13:39 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Prosoft\Prosoft Data Backup PC3\psService.exe -- (psService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/03/31 02:10:41 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/24 15:57:48 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2011/08/24 15:48:02 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2010/05/20 16:06:30 | 000,045,056 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Web Jetadmin 10\bin\HPWJAService.exe -- (HPWJAService)
SRV - [2009/12/16 11:11:06 | 000,065,856 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2009/07/29 06:42:14 | 000,083,240 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009/01/08 13:16:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/07 20:41:46 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2008/07/24 15:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2005/09/23 08:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\CDSDJB~1.000\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/09/21 11:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011/03/18 12:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2009/10/20 19:00:10 | 000,089,680 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec8.sys -- (TotRec8)
DRV - [2009/10/20 19:00:04 | 000,130,640 | ---- | M] (High Criteria inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TotRec7.sys -- (TotRec7)
DRV - [2008/02/01 16:17:12 | 000,138,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2008/02/01 16:17:06 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2007/06/06 13:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/05/25 15:40:00 | 001,156,808 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2001/10/02 10:41:00 | 000,067,441 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2001/10/02 10:41:00 | 000,050,433 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2)
DRV - [2001/10/02 10:41:00 | 000,005,841 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wiseacres.dynalias.com:8080/
IE - HKCU\..\SearchScopes,DefaultScope = {406BA193-4FE4-44F8-8CED-43358BE34956}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://news.yahoo.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@alternatiff.com/AlternaTIFF: C:\Program Files\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/04/02 18:48:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 11:33:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9BDF097C-7840-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\{9BDF097C-7840-11E1-826D-B8AC6F996F26}\

[2011/06/26 19:37:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Mozilla\Extensions
[2012/03/27 09:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Mozilla\Firefox\Profiles\3y5tqzhs.default\extensions
[2012/03/22 23:20:05 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Mozilla\Firefox\Profiles\3y5tqzhs.default\extensions\[email protected]
[2012/04/10 09:49:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/06 15:54:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\{902D2C4A-457A-4EF9-AD43-7014562929FF}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\CDS.DJB7QB1-CDS.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\3Y5TQZHS.DEFAULT\EXTENSIONS\[email protected]
[2012/04/02 18:48:24 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/03/17 11:33:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 20:30:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/10 15:34:00 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe (Dassault Systèmes SolidWorks Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\always-on-top.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SubstG.lnk = C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: fastenal.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: marriott.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: solidworks.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([https] in Trusted sites)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.0.cab (AlternaTIFF ActiveX)
O16 - DPF: {12545791-AC9A-44B2-8964-0DA216C4A4E5} http://pacificbearin...3D/cnsweb3d.cab (PARTsolutions 3D Web Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} http://www.3dpublish...ingsEnglish.cab (EModelNonVersionSpecificViewControl Class)
O16 - DPF: {22CF0C35-80CE-11D3-9354-00105AA793BF} http://www.immdesign.../IPAWebView.cab (Ipa Control)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webi...6-6D5536C585C9} (WebIQ Engine Application Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231364466602 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1231364521836 (MUWebControl Class)
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} http://wiseacres.dyn.../WinWebPush.cab (WebWatch Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%20LT%202002/AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://zcorpevents....bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%20LT%202002/AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEFFEA56-3C42-423E-B553-D7A2DACC5DAA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/19 21:37:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/16 15:03:24 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: mixer - C:\WINDOWS\System32\DrvTrNTm.dll (High Criteria inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.CDVC - C:\WINDOWS\System32\CDVCCODC.DLL (Canopus Co., Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VIFP - C:\WINDOWS\System32\VFCodec.dll ()
Drivers32: vidc.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\DrvTrNTm.dll (High Criteria inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 10:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun
[2012/04/10 02:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\gegl-0.2
[2012/04/10 02:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\.gimp-2.8
[2012/04/10 01:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/04/08 12:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/04/08 12:08:25 | 009,604,712 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\mbam-setup.exe
[2012/04/07 14:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/04/07 14:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2012/04/07 14:54:33 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/04/07 14:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2012/04/07 14:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2012/04/07 14:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Real
[2012/04/06 17:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/04/05 20:39:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/05 12:21:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/05 11:59:59 | 004,449,976 | R--- | C] (Swearware) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\ComboFix.exe
[2012/04/02 18:48:40 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/04/02 18:48:40 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/04/02 18:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2012/04/02 18:48:39 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/04/02 18:48:39 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/04/02 18:48:39 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/04/02 18:48:39 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/04/02 18:48:39 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/04/02 18:48:39 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/04/02 18:48:39 | 000,024,408 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswKbd.sys
[2012/04/02 18:48:18 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/04/02 18:48:18 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/04/02 17:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\GooredFix Backups
[2012/04/02 17:43:14 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/03/31 22:41:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup (Disabled by Starter)
[2012/03/31 10:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan
[2012/03/31 10:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/03/31 09:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/03/31 09:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\TestApp
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 15:44:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 15:39:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/10 15:39:20 | 2681,892,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/10 15:34:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/04/10 15:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/10 09:48:36 | 000,036,205 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG6.pdf
[2012/04/10 04:44:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/10 02:01:40 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/04/10 02:01:40 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2012/04/10 01:32:46 | 000,207,339 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\recently-used.xbel
[2012/04/09 18:28:00 | 000,000,546 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task dd5f8d9b-553c-4873-8acd-6f5e21a44d4d.job
[2012/04/08 16:37:52 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SecurityCheck.exe
[2012/04/08 12:14:23 | 000,038,700 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG5.pdf
[2012/04/08 12:11:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/08 12:10:07 | 009,604,712 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\mbam-setup.exe
[2012/04/07 14:55:05 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/04/07 14:54:33 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/04/07 14:11:32 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-776561741-839522115-1007.job
[2012/04/07 14:11:32 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-776561741-839522115-1007.job
[2012/04/07 11:36:49 | 000,022,681 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG4.pdf
[2012/04/06 20:31:48 | 000,002,731 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\svchost identify.lnk
[2012/04/05 21:06:28 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2012/04/05 15:01:39 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SubstG.lnk
[2012/04/05 12:00:45 | 004,449,976 | R--- | M] (Swearware) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\ComboFix.exe
[2012/04/05 11:59:30 | 000,041,741 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG3.pdf
[2012/04/05 02:08:32 | 000,034,701 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG2.pdf
[2012/04/04 03:57:07 | 000,044,224 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG1.pdf
[2012/04/02 19:27:46 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/02 18:48:40 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2012/04/02 17:43:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HostsBackup
[2012/03/31 10:00:56 | 000,662,599 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/31 09:57:55 | 000,001,455 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\sdsetup.exe.lnk
[2012/03/28 20:36:48 | 000,218,514 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\RevisionEA.pdf
[2012/03/28 20:13:48 | 000,062,031 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\conantcover.pdf
[2012/03/28 19:10:04 | 000,455,481 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DSCF1899.JPG
[2012/03/28 19:09:58 | 000,459,124 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DSCF1898.JPG
[2012/03/23 19:34:23 | 000,460,412 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\keplersolver.pdf
[2012/03/18 19:18:19 | 000,116,907 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Pal2002a.pdf
[2012/03/16 01:11:39 | 000,000,977 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\arrowhead.xcf
[2012/03/15 18:15:29 | 000,082,661 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\test.pdf
[2012/03/15 16:10:24 | 000,439,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 15:58:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/15 14:13:00 | 000,002,377 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2009 SP4.1.lnk
[2012/03/12 13:41:24 | 000,036,028 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\boincgoof.tif
[2012/03/12 00:00:27 | 000,491,408 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 00:00:26 | 000,090,300 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/11 23:06:35 | 000,269,294 | ---- | M] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\wolfftrig.pdf
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\*.tmp -> ]
[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/10 09:48:36 | 000,036,205 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG6.pdf
[2012/04/10 02:01:40 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Microsoft\Internet Explorer\Quick Launch\GIMP 2.lnk
[2012/04/10 02:01:40 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP 2.lnk
[2012/04/10 02:01:40 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.lnk
[2012/04/10 01:32:46 | 000,207,339 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\recently-used.xbel
[2012/04/08 16:37:44 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\SecurityCheck.exe
[2012/04/08 12:14:23 | 000,038,700 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG5.pdf
[2012/04/07 14:55:05 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2012/04/07 13:44:06 | 2681,892,864 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/07 11:36:49 | 000,022,681 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG4.pdf
[2012/04/05 11:59:30 | 000,041,741 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG3.pdf
[2012/04/05 02:08:32 | 000,034,701 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG2.pdf
[2012/04/04 03:57:07 | 000,044,224 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\GTG1.pdf
[2012/04/02 18:48:40 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2012/03/31 11:55:16 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/31 10:00:49 | 000,662,599 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/31 09:57:55 | 000,001,455 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\sdsetup.exe.lnk
[2012/03/31 02:07:29 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/28 20:36:46 | 000,218,514 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\RevisionEA.pdf
[2012/03/28 20:13:48 | 000,062,031 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\conantcover.pdf
[2012/03/28 20:10:58 | 000,459,124 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DSCF1898.JPG
[2012/03/28 20:10:56 | 000,455,481 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\DSCF1899.JPG
[2012/03/23 19:34:22 | 000,460,412 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\keplersolver.pdf
[2012/03/18 19:18:18 | 000,116,907 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\Pal2002a.pdf
[2012/03/16 01:11:39 | 000,000,977 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\arrowhead.xcf
[2012/03/15 18:15:29 | 000,082,661 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\test.pdf
[2012/03/12 13:41:24 | 000,036,028 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\boincgoof.tif
[2012/03/11 23:06:35 | 000,269,294 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\My Documents\wolfftrig.pdf
[2012/02/15 02:15:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/06 16:58:07 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/01/19 16:08:27 | 000,000,222 | ---- | C] () -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\.ptbt1
[2011/12/07 03:40:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/07 03:40:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/07 03:40:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/07 03:40:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/07 03:40:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/10 16:53:26 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011/06/26 19:37:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/23 21:04:27 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/23 21:04:25 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/23 21:04:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/23 21:04:01 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/12/15 16:55:15 | 000,393,768 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/22 13:30:39 | 000,000,135 | ---- | C] () -- C:\WINDOWS\huffyuv.ini
[2010/07/29 18:54:47 | 000,000,536 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

========== LOP Check ==========

[2009/01/07 21:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Actify
[2010/01/21 11:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/04/02 18:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/10 15:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2009/01/13 17:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2010/06/01 11:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Huggle
[2010/02/12 01:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/07/27 12:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prosoft
[2012/03/31 02:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/07/27 09:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/12/04 16:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Autodesk
[2009/12/04 16:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\cadenas
[2010/02/13 15:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2010/01/08 03:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\DassaultSystemes
[2010/02/12 01:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Downloaded Installations
[2009/12/04 16:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\DWGeditor
[2010/01/13 16:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\EDrawings
[2011/12/06 23:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\ElevatedDiagnostics
[2012/03/06 16:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\gtk-2.0
[2012/04/10 15:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\IM
[2010/08/30 14:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\inkscape
[2009/12/04 16:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\IrfanView
[2010/02/12 02:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Nitro PDF
[2009/12/04 16:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\PC-FAX TX
[2010/02/13 13:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Salehoo
[2009/12/04 16:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Scooter Software
[2009/12/04 13:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\sldIM
[2012/03/31 09:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\TestApp
[2010/02/23 13:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\TotalRecorder
[2012/04/09 18:28:00 | 000,000,546 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dd5f8d9b-553c-4873-8acd-6f5e21a44d4d.job

========== Purity Check ==========



========== Custom Scans ==========

< >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/17 11:32:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/17 11:32:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/17 11:32:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/17 11:32:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/17 11:32:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/17 11:32:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\*. /rp /s >

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-15 20:01:41

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >


4. Other issues

Upon rebooting, Skype restarts but does not connect. I have to Quit it and restart it (after the limbo period described below) in order to get it to connect.

Once Skype, Avast, and Boinc start, there is a period of a couple to three minutes during which the computer is mostly unresponsive. The Task Manager shows the Boinc applications starting to run, but the BOINC systray icon mouseover still shows "reconnecting to client". Firefox shows in the Task Manager but will not open a window. It feels like some process is preventing the Boinc Manager, Skype, and Firefox from running or from communicating.
  • 0
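The OTL report lines above all follow one fixed layout (`[date | size | attrs | C/M] (Company) -- path`), which makes them easy to read by machine. As an added example, not OTL's code and not anything posted in this thread, here is a small Python parser for those lines with a few review heuristics of my own: GUID-named folders under a user's Application Data (the kind of folder the fix script in this thread targets), executables that carry no company name, and changes to the hosts file. The sample input is six lines copied from the log above plus one constructed line for the `{GUID}` folder (its timestamp is made up).

```python
"""Parse OTL 'Files/Folders' report lines and flag entries worth a closer look.

Added example for this thread; it is not OTL's code, and the triage rules are
this example's own heuristics, not anything OTL itself applies.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One report entry, as printed under the "Files/Folders - Created/Modified" headings:
#   [yyyy/mm/dd hh:mm:ss | size | attrs | C-or-M] (Company) -- path
# Directories carry no "(Company)" part at all; files with no company show "()".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# A path component that is a bare {GUID}, e.g. ...\Application Data\{9BDF097C-...}\
GUID_DIR_RE = re.compile(
    r"\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}(?:\\|$)"
)
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".acm", ".ax", ".ocx")


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str                 # "C" = created, "M" = modified
    company: Optional[str]    # None when absent or empty
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a report line, or None for lines in another layout."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = (m.group("company") or "").strip() or None
    return Entry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company,
        path=m.group("path"),
    )


def triage(entry: Entry) -> List[str]:
    """Heuristic reasons an entry deserves review (empty list = nothing noted)."""
    reasons: List[str] = []
    low = entry.path.lower()
    if "application data" in low and GUID_DIR_RE.search(entry.path):
        reasons.append("GUID-named folder under per-user Application Data")
    if not entry.is_dir and entry.company is None and low.endswith(EXEC_EXTS):
        reasons.append("executable with no company name")
    if low.endswith(r"\drivers\etc\hosts"):
        reasons.append("hosts file changed")
    return reasons


def scan_report(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; lines in another layout are skipped."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry.path] = reasons
    return findings


# Sample input (constructed for this example): six lines copied from the log in
# this thread plus one made-up line for the {GUID} folder the fix script names.
SAMPLE_REPORT = "\n".join([
    r"[2012/04/10 10:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun",
    r"[2012/04/08 12:08:25 | 009,604,712 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\mbam-setup.exe",
    r"[2012/04/02 18:48:40 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys",
    r"[2012/04/10 15:34:00 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts",
    r"[2012/02/15 02:15:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll",
    r"[2012/03/31 10:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\{9BDF097C-7840-11E1-826D-B8AC6F996F26}\chrome",
    r"[1 C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp files -> C:\Documents and Settings\cds.DJB7QB1-CDS.000\*.tmp -> ]",
])

if __name__ == "__main__":
    for path, reasons in scan_report(SAMPLE_REPORT).items():
        print(f"{path}\n    -> {'; '.join(reasons)}")
```

The heuristics are triage hints, not verdicts: the extension rule would also trip on `C:\hiberfil.sys`, which shows as `()` in the log above but is a normal Windows file, so a flagged entry still needs a human (or a known-good hash list) to confirm it.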

#22
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi Cstaffa!

I am sorry to hear that you haven't been well. I do hope that your rest was beneficial and that you will feel better soon.

Thanks! I'm feeling much better today! Sometimes all that's needed is a day's rest and then you're back to normal. :)

After the download finished, I shut Firefox and uninstalled Java 6. After that, I noted that its plugins still showed up in the Firefox Add-ons Manager, though disabled. I clicked the Remove button for each and shut Firefox again.

That's one thing that removing Java doesn't seem to do. That is remove the old Java entries in Firefox.

I did turn off JQS as instructed.

Okay, thanks for the information regarding the Java install. :)

Please note that G: is a logical drive mapped to F:\Gcopy and thus these were not separate instances of SmitFraudFix.

Okay, thanks for letting me know that.


Once Skype, Avast, and Boinc start, there is a period of a couple to three minutes during which the computer is mostly unresponsive. The Task Manager shows the Boinc applications starting to run, but the BOINC systray icon mouseover still shows "reconnecting to client". Firefox shows in the Task Manager but will not open a window. It feels like some process is preventing the Boinc Manager, Skype, and Firefox from running or from communicating.

hmm... Interesting. When did you first start experiencing this, or notice that you were experiencing this issue?

OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2012/03/31 10:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan
    
    :Reg
    [-HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9BDF097C-7840-11E1-826D-B8AC6F996F26}]
    :Files
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\{9BDF097C-7840-11E1-826D-B8AC6F996F26}\
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Re-Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "NONE" box in the top of the box.
  • Change the "Extra Registry" option to "SafeList"
  • In the Custom Scans/Fixes box Copy & Paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • 0

#23
Cstaffa

Cstaffa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I ran the OTL fix as requested. Almost immediately it came back with an alert window saying that it could not create a cmd.bat file in the 2012Trojan folder on my desktop. Now the OTL seems to be hung up. The lower window shows the text beginning with 'echo, Y|cacls' and the status says 'Moving file C:\Documents.....\Desktop\2012Trojan...'. I am posting from another machine. Please advise.
  • 0

#24
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Sorry to hear OTL gave you issues, can you try exiting out of the OTL window?

Then try running this OTL fix instead:


We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    [2012/03/31 10:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan
    :Reg
    [-HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9BDF097C-7840-11E1-826D-B8AC6F996F26}]
    :Files
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\{9BDF097C-7840-11E1-826D-B8AC6F996F26}\
    C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan
    :Commands
    [emptytemp]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Let's see if that OTL fix will run to completion.

-ST
  • 0
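Both fix scripts in this thread (post #22 and the shorter one just above) use the same section layout: `:Processes`, `:OTL`, `:Reg`, `:Files` and `:Commands`. The question raised later in the thread, why a particular folder is being moved, is easier to answer when the script is summarised by action before it is run. The following is an added example, a hypothetical review helper that is not part of OTL; its reading of the format (report-style lines under `:OTL` name a path to move, `[-KEY]` under `:Reg` deletes a key, a `:Files` line ending in `/c` is a shell command and any other `:Files` line is a path to move, bracketed `:Commands` entries are cleanup directives) is an assumption taken from the scripts as posted. The sample script is the one from post #22.

```python
"""Summarise what an OTL fix script will touch, so it can be reviewed before it runs.

Added example for this thread (hypothetical helper, not OTL's code). The
section semantics below are assumed from the fix scripts posted in the thread.
"""
import re
from typing import Dict, List

SECTION_RE = re.compile(r"^:(\w+)\s*$")


def summarize_fix(script: str) -> Dict[str, List[str]]:
    """Group the script's lines by the action they request."""
    summary: Dict[str, List[str]] = {
        "move": [],        # files/folders OTL will move out of place
        "delete_reg": [],  # registry keys/values to delete
        "run": [],         # shell commands (":Files" lines ending in "/c")
        "cleanup": [],     # [emptytemp]-style directives
        "other": [],       # anything not recognised, so nothing is silently dropped
    }
    section = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if line.upper() == "KILLALLPROCESSES":
            summary["other"].append("kill all processes")
        elif section == "otl" and " -- " in line:
            # Report-style line: the path after " -- " is what gets moved.
            summary["move"].append(line.split(" -- ", 1)[1])
        elif section == "reg" and line.startswith("[-") and line.endswith("]"):
            summary["delete_reg"].append(line[2:-1])
        elif section == "files":
            if line.lower().endswith("/c"):
                summary["run"].append(line[:-2].rstrip())
            else:
                summary["move"].append(line.rstrip("\\"))
        elif section == "commands" and line.startswith("[") and line.endswith("]"):
            summary["cleanup"].append(line[1:-1].lower())
        else:
            summary["other"].append(line)
    return summary


# Sample input: the fix script from post #22, reproduced line by line.
SAMPLE_FIX = "\n".join([
    ":Services",
    ":Processes",
    "KILLALLPROCESSES",
    ":OTL",
    r"[2012/03/31 10:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan",
    "",
    ":Reg",
    r"[-HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9BDF097C-7840-11E1-826D-B8AC6F996F26}]",
    ":Files",
    r"C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\{9BDF097C-7840-11E1-826D-B8AC6F996F26}" + "\\",
    r"C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan",
    r'echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c',
    "ipconfig /flushdns /c",
    ":Commands",
    "[emptytemp]",
    "[EMPTYFLASH]",
    "[EMPTYJAVA]",
])

if __name__ == "__main__":
    for action, items in summarize_fix(SAMPLE_FIX).items():
        for item in items:
            print(f"{action:10s} {item}")
```

Run against the post #22 script, the summary shows the Desktop\2012Trojan folder listed twice (once via the `:OTL` line and once under `:Files`), which is exactly the entry the poster later asked about; reading the summary before clicking Run Fix is the moment to raise that question.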

#25
Cstaffa

Cstaffa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
1: Reboot balkiness:

Interesting. When did you first start experiencing this, or notice that you were experiencing this issue?


I don't know; there's been similar behavior for months. I did have SuperAntiSpyware installed, and could see it in the Task Manager occasionally gobbling CPU time, so I assumed it had to do with SuperAntiSpyware starting. Now that SuperAntiSpyware is not installed, I don't see Avast being similarly active in Task Manager, and so I doubt that the unresponsiveness is due to Avast. I suspect that it is due to some incorrect setting somewhere.

2: Failed OTL fix:

I think that the failure is my fault, and I am confused. 2012Trojan was a folder on my desktop in which I was keeping programs, logs, and text related to this round of malware clearing, including OTL. Instead of running OTL directly on the desktop, as prescribed, I ran it from the 2012Trojan folder. I now see that the fix posted in #22 successfully moved the 2012Trojan folder, which must have then given OTL fits. I am sorry for not running OTL on the desktop, as prescribed.

I am confused as to why we are moving the 2012Trojan folder.

To exit the stalled OTL, I simply closed its window. I then rebooted, choosing 'Shut down' instead of 'Install updates and shut down', as I expected that the updates might be related to OTL's activities.

Even after the successful OTL fix noted below, I see that 'Install updates and shut down' is the default option under Shut Down Windows. I am reluctant to allow these updates to install as I don't know what they are. Should I allow them?

3. New OTL fix:

I moved OTL from the displaced 2012Trojan folder onto the desktop, where the new fix ran smoothly.

OTL fix log:

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Folder C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan\ not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9BDF097C-7840-11E1-826D-B8AC6F996F26} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BDF097C-7840-11E1-826D-B8AC6F996F26}\ not found.
========== FILES ==========
Folder C:\Documents and Settings\cds.DJB7QB1-CDS.000\Local Settings\Application Data\{9BDF097C-7840-11E1-826D-B8AC6F996F26} not found.
File\Folder C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop\2012Trojan not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: cds.DJB7QB1-CDS.000
->Temp folder emptied: 1327218 bytes
->Temporary Internet Files folder emptied: 1410654 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51482514 bytes
->Flash cache emptied: 830 bytes

User: cds.NPA
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: CDSDJB~1~000

User: CURRENT_USER.NPA

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ILEA Design
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 138814 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04112012_100005
  • 0


#26
Cstaffa

Cstaffa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I ran the OTL scan prescribed in #22.

OTL.txt:

OTL logfile created on: 4/11/2012 11:11:15 AM - Run 7
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 72.90% Memory free
2.83 Gb Paging File | 2.39 Gb Available in Paging File | 84.34% Paging File free
Paging file location(s): C:\pagefile.sys 500 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 29.68 Gb Free Space | 39.87% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 931.51 Gb Total Space | 865.94 Gb Free Space | 92.96% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 865.94 Gb Free Space | 92.96% Space Free | Partition Type: NTFS
Drive H: | 1862.98 Gb Total Space | 1772.83 Gb Free Space | 95.16% Space Free | Partition Type: NTFS

Computer Name: DJB7QB1-CDS | User Name: cds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {27B853CE-32E2-E8D4-7DFD-78158505AB0E} - Windows Media Player
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3DB11A5B-F122-E5E7-668F-BA9609419048} - Internet Explorer
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {48B35DE9-8587-C6E9-EF6A-F91677858DD5} - Browser Customizations
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {58FB87A2-7FDC-1A75-647D-7BE78057AEE9} - Browser Customizations
ActiveX: {58FD7E19-27F7-C683-A50E-4FAD5EC32A59} - Internet Explorer
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7076F357-8C32-25D0-977A-58023D4FBF6C} - NetShow
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AEDC5A8A-10D6-6D7E-3B10-0C1501B3B251} - Microsoft Windows Media Player 6.4
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: mixer - C:\WINDOWS\System32\DrvTrNTm.dll (High Criteria inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.CDVC - C:\WINDOWS\System32\CDVCCODC.DLL (Canopus Co., Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VIFP - C:\WINDOWS\System32\VFCodec.dll ()
Drivers32: vidc.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave - C:\WINDOWS\System32\DrvTrNTm.dll (High Criteria inc.)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/11/19 16:26:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/11/19 16:26:46 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/11/19 16:26:46 | 000,897,024 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2012/03/06 19:02:43 | 000,024,408 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswKbd.sys
[2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSnx.sys
[2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys

< %SYSTEMDRIVE%\*.exe >

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/07 17:52:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/07 17:52:53 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/04 06:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/31 13:13:46 | 000,182,856 | ---- | M] () MD5=9F37B15F56C3D248CD299D34BCB2CEFA -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/17 11:32:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/17 11:32:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/17 11:32:28 | 000,834,712 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/03/17 11:32:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/03/17 11:32:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/17 11:32:58 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >

Extras.txt:

OTL Extras logfile created on: 4/11/2012 11:11:15 AM - Run 7
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\cds.DJB7QB1-CDS.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 72.90% Memory free
2.83 Gb Paging File | 2.39 Gb Available in Paging File | 84.34% Paging File free
Paging file location(s): C:\pagefile.sys 500 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 29.68 Gb Free Space | 39.87% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 931.51 Gb Total Space | 865.94 Gb Free Space | 92.96% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 865.94 Gb Free Space | 92.96% Space Free | Partition Type: NTFS
Drive H: | 1862.98 Gb Total Space | 1772.83 Gb Free Space | 95.16% Space Free | Partition Type: NTFS

Computer Name: DJB7QB1-CDS | User Name: cds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"2967:TCP" = 2967:TCP:LocalSubNet:Enabled:Symantec Management
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2967:TCP" = 2967:TCP:LocalSubNet:Enabled:Symantec Management
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"54925:UDP" = 54925:UDP:LocalSubNet:Enabled:Scanning
"54926:UDP" = 54926:UDP:LocalSubNet:Enabled:PC-Fax

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\cds.NPA\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\cds.DJB7QB1-CDS.000\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
"C:\Program Files\Common Files\SolidWorks Installation Manager\17.0\sldimdownloader.exe" = C:\Program Files\Common Files\SolidWorks Installation Manager\17.0\sldimdownloader.exe:*:Enabled:sldimdownloader.exe -- (Dassault Systèmes SolidWorks Corp.)
"C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" = C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe:*:Enabled:sldIMScheduler.exe -- (Dassault Systèmes SolidWorks Corp.)
"C:\Program Files\Google\Google Earth\googleearth.exe" = C:\Program Files\Google\Google Earth\googleearth.exe:*:Enabled:Google Earth
"C:\Program Files\Ipswitch\WS_FTP Professional\ftpfind.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\ftpfind.exe:*:Enabled:WS_FTP Find Utility -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\SolidWorks\SolidWorks\swspmanager.exe" = C:\Program Files\SolidWorks\SolidWorks\swspmanager.exe:*:Enabled:swspmanager.exe -- (Dassault Systèmes SolidWorks Corp.)
"C:\Program Files\Symantec AntiVirus\VPC32.exe" = C:\Program Files\Symantec AntiVirus\VPC32.exe:*:Enabled:Symantec AntiVirus
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe:*:Enabled:Ipswitch WS_FTP Professional 2007 -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F2F77E4-4053-4108-B153-81F0B42EDCF4}" = WebIQ Technology Engine
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (HPWJA)
"{341E1C05-5091-418F-B862-C28253A99F25}" = BOINC
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C400DF4-90E0-412C-843A-F5424402662F}" = DJBCP Codec Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5783F2D7-0109-0409-0000-0060B0CE6BBA}" = AutoCAD LT 2002
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.41 .2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D3E11CE-2C9A-44E3-A561-ED9BAC439E83}" = HP Web Jetadmin 10.2
"{6D49994F-2E35-4932-B9ED-D2F4EEBF91A2}" = QuickBooks Pro Timer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72A819E7-4146-B9EA-1292-C4A77F657B4E}" = eBay Desktop
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78F5131C-7C4F-49AA-AA32-B7B42E941BCF}" = SolidWorks 2009 SP04.1
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{AFFBB1A4-26E9-42D8-ACBB-B8B1ECF862DC}" = Actify SpinFire Reader
"{B10E8648-1EC1-4FE8-B7C9-18C70CD48172}" = SolidWorks eDrawings 2009
"{B197134C-2A98-4D8C-A55A-9A7809AF59EC}" = SolidWorks Explorer 2009 sp04.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE0AC13A-77D2-11E0-B15B-81BA4824019B}" = PowerChute Personal Edition 3.0.0.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD04643-5246-48AC-9D8C-F43A37BB8F36}" = WD Drive Manager (x86)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D198D2E7-B557-4404-A286-77F249625172}" = Nokia Internet Tablet Software Update Wizard
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F6C0D92C-7EBC-4CEE-A0DD-BCE6ADB50E22}" = CADENAS PARTwebViewer
"{FA508751-94C7-4D6C-8418-B6FC3C43D1A7}" = DWGeditor
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"7-Zip" = 7-Zip 9.15 beta
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.3.1 Standard
"Adobe Acrobat 8 Standard_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnswerWorks" = AnswerWorks Runtime
"avast" = avast! Pro Antivirus
"BC2_is1" = Beyond Compare Version 2.5.3
"BurnAware Free_is1" = BurnAware Free 2.4.4
"CodeStuff Starter" = CodeStuff Starter
"com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1" = eBay Desktop
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.59
"eIMAGE Recovery" = eIMAGE Recovery
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"GIMP-2_is1" = GIMP 2.8.0-rc1
"Hugin" = Hugin 2011.4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.48.2
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MeshLab" = MeshLab 1.1.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Parts&Vendors 6.0" = Parts&Vendors 6.0
"PoiEdit" = PoiEdit
"RealPlayer 15.0" = RealPlayer
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SolidWorks Installation Manager 20090-40401-1100-200" = SolidWorks 2009 SP04.1
"SpeedFan" = SpeedFan (remove only)
"TotalRecorder" = Total Recorder 8.0
"Tweak UI 2.10" = Tweak UI
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2012 11:08:06 PM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1001
Description = Fault bucket -1484357367.

Error - 4/10/2012 12:27:36 AM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1000
Description = Faulting application pythonw.exe, version 0.0.0.0, faulting module
libgtk-win32-2.0-0.dll, version 2.24.9.0, fault address 0x001d87db.

Error - 4/10/2012 12:29:22 AM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1000
Description = Faulting application pythonw.exe, version 0.0.0.0, faulting module
libgtk-win32-2.0-0.dll, version 2.24.9.0, fault address 0x001d87db.

Error - 4/10/2012 12:31:50 AM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1000
Description = Faulting application pythonw.exe, version 0.0.0.0, faulting module
libgtk-win32-2.0-0.dll, version 2.24.9.0, fault address 0x001d87db.

Error - 4/10/2012 12:37:22 AM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1000
Description = Faulting application pythonw.exe, version 0.0.0.0, faulting module
libgtk-win32-2.0-0.dll, version 2.24.9.0, fault address 0x001d87db.

Error - 4/10/2012 12:50:10 AM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1000
Description = Faulting application pythonw.exe, version 0.0.0.0, faulting module
libgtk-win32-2.0-0.dll, version 2.24.9.0, fault address 0x001d87db.

Error - 4/10/2012 12:54:36 AM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1000
Description = Faulting application pythonw.exe, version 0.0.0.0, faulting module
libgtk-win32-2.0-0.dll, version 2.24.9.0, fault address 0x001d87db.

Error - 4/10/2012 12:55:50 AM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1000
Description = Faulting application pythonw.exe, version 0.0.0.0, faulting module
libgtk-win32-2.0-0.dll, version 2.24.9.0, fault address 0x001d87db.

Error - 4/10/2012 01:04:11 AM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1000
Description = Faulting application pythonw.exe, version 0.0.0.0, faulting module
libgtk-win32-2.0-0.dll, version 2.24.9.0, fault address 0x001d87db.

Error - 4/10/2012 01:07:16 AM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1000
Description = Faulting application pythonw.exe, version 0.0.0.0, faulting module
libgtk-win32-2.0-0.dll, version 2.24.9.0, fault address 0x001d87db.

[ OSession Events ]
Error - 4/6/2009 04:53:26 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 481
seconds with 480 seconds of active time. This session ended with a crash.

Error - 10/19/2009 07:58:00 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/10/2009 06:13:17 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19238
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 12/10/2009 06:36:23 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1280
seconds with 300 seconds of active time. This session ended with a crash.

Error - 5/6/2010 03:46:05 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11570
seconds with 120 seconds of active time. This session ended with a crash.

Error - 9/29/2011 02:29:32 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 83233
seconds with 240 seconds of active time. This session ended with a crash.

Error - 2/25/2012 03:57:42 AM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 52539
seconds with 24720 seconds of active time. This session ended with a crash.

Error - 3/2/2012 10:24:04 PM | Computer Name = DJB7QB1-CDS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34181
seconds with 19560 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/11/2012 01:42:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The APC UPS Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/11/2012 01:42:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The NLS Service service terminated unexpectedly. It has done this
1 time(s).

Error - 4/11/2012 01:42:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/11/2012 01:42:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The WD Drive Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/11/2012 01:42:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The APC Data Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/11/2012 10:00:06 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The APC UPS Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/11/2012 10:00:06 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The NLS Service service terminated unexpectedly. It has done this
1 time(s).

Error - 4/11/2012 10:00:06 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/11/2012 10:00:06 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The APC Data Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/11/2012 10:00:06 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The WD Drive Manager Service service terminated unexpectedly. It
has done this 1 time(s).


< End of report >
  • 0
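The "Last 10 Event Log Errors" block above is easier to judge once it is parsed rather than read line by line: the five Service Control Manager 7034 entries at 01:42:09 and the five at 10:00:06 carry identical timestamps, and all nine Application Error 1000 entries are the same pythonw.exe fault in libgtk-win32-2.0-0.dll. The Python below is an added example, not part of this thread and not OTL's own code; it parses that block format and surfaces both patterns. Its input is an abridged copy of the entries above (two of the pythonw.exe crashes and the five 01:42:09 service events).

```python
"""Parse the 'Last 10 Event Log Errors' block of an OTL log and surface two
patterns: services dying in the same second, and repeat crashes of one program."""
import re
from collections import defaultdict

# Copied from the OTL log posted above, abridged to two of the pythonw.exe
# crashes and the five Service Control Manager events stamped 01:42:09.
OTL_ERRORS = """\
[ Application Events ]
Error - 4/10/2012 12:27:36 AM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1000
Description = Faulting application pythonw.exe, version 0.0.0.0, faulting module
libgtk-win32-2.0-0.dll, version 2.24.9.0, fault address 0x001d87db.

Error - 4/10/2012 12:29:22 AM | Computer Name = DJB7QB1-CDS | Source = Application Error | ID = 1000
Description = Faulting application pythonw.exe, version 0.0.0.0, faulting module
libgtk-win32-2.0-0.dll, version 2.24.9.0, fault address 0x001d87db.

[ System Events ]
Error - 4/11/2012 01:42:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The APC UPS Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 4/11/2012 01:42:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The NLS Service service terminated unexpectedly. It has done this
1 time(s).

Error - 4/11/2012 01:42:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 4/11/2012 01:42:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The WD Drive Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/11/2012 01:42:09 AM | Computer Name = DJB7QB1-CDS | Source = Service Control Manager | ID = 7034
Description = The APC Data Service service terminated unexpectedly. It has done
this 1 time(s).
"""

HEADER = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SERVICE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
CRASH = re.compile(r"Faulting application (\S+),.*faulting module (\S+),")

def parse_otl_errors(text):
    """One dict per 'Error - ...' record; the wrapped Description is re-joined."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[ ") and line.endswith(" ]"):
            section = line[2:-2]          # e.g. "System Events"
            continue
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            rec["id"] = int(rec["id"])
            rec.update(section=section, description="")
            records.append(rec)
        elif records:                     # start or continuation of a Description
            body = line[len("Description = "):] if line.startswith("Description = ") else line
            records[-1]["description"] = (records[-1]["description"] + " " + body).strip()
    return records

def service_crash_bursts(records, min_services=2):
    """Timestamps at which at least min_services SCM 7034 events landed together.
    Unrelated services all dying in the same second points at one event that
    took them all down, not at each service failing on its own."""
    by_ts = defaultdict(list)
    for r in records:
        if r["source"] == "Service Control Manager" and r["id"] == 7034:
            m = SERVICE.match(r["description"])
            if m:
                by_ts[r["ts"]].append(m.group("svc"))
    return {ts: svcs for ts, svcs in by_ts.items() if len(svcs) >= min_services}

def repeated_crashes(records):
    """Count Application Error 1000 records by (program, faulting module)."""
    counts = defaultdict(int)
    for r in records:
        if r["source"] == "Application Error" and r["id"] == 1000:
            m = CRASH.search(r["description"])
            if m:
                counts[(m.group(1), m.group(2))] += 1
    return dict(counts)

if __name__ == "__main__":
    recs = parse_otl_errors(OTL_ERRORS)
    for ts, svcs in service_crash_bursts(recs).items():
        print(f"{ts}: {len(svcs)} services died together: {', '.join(svcs)}")
    for (app, mod), n in repeated_crashes(recs).items():
        print(f"{app} crashed {n} times in {mod}")
```

Run against the full block above, the burst check reports the same five services at both 01:42:09 and 10:00:06, which is why the question to ask is what happened to the machine at those two moments, not what is wrong with the APC, NLS, NVIDIA or WD services individually. The repeat-crash count is the separate thread to pull: one program, one module, one fault address, nine times in forty minutes.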

#27
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Hi Cstaffa!

> I don't know; there's been similar behavior for months. I did have SuperAntiSpyware installed, and could see it in the Task Manager occasionally gobbling CPU time, so I assumed it had to do with SuperAntiSpyware starting. Now that SuperAntiSpyware is not installed, I don't see Avast being similarly active in Task Manager, and so I doubt that the unresponsiveness is due to Avast. I suspect that it is due to some incorrect setting somewhere.

Okay, thanks for that information.

> I am confused as to why we are moving the 2012Trojan folder.

I was removing that folder because the name was suspicious. I didn't realize that OTL was running from that directory.

> Even after the successful OTL fix noted below, I see that 'Install updates and shut down' is the default option under Shut Down Windows. I am reluctant to allow these updates to install as I don't know what they are. Should I allow them?

Please go ahead and allow Windows to install those updates.

Your OTL logs are showing me that a few services have been terminated unexpectedly lately.

This may be related to the issues you're experiencing with a few of the programs not running properly.

I'm going to ask that you run a few scans and see if they help to improve things:



Run System File Checker

Make sure you have your XP Disc handy


The System File Checker (Sfc.exe) utility is used for scanning protected operating system files to verify their version and integrity. If System File Checker detects any operating system file with the incorrect file version, it replaces the corrupted file with a file that has the correct version from the Windows installation source files.

To use System File Checker, follow these steps:
  • Click Start, click Run, type cmd.exe, and then click OK.
  • At the command prompt, type sfc /purgecache, and then press ENTER.
    Note: You may be prompted to provide Windows installation source files when you run the sfc /purgecache command. If the command is completed successfully, you will receive the following message: "Windows File Protection successfully made the requested change."
  • At the command prompt, type sfc /scannow, and then press ENTER.
    Note: This command may take several minutes to finish. You may also be prompted to provide Windows installation source files when you run the sfc /scannow command.
  • At the command prompt, type exit, and then press ENTER to close the command prompt.


NEXT:



Please do the following:

1. Run Chkdsk
Running chkdsk may take some time to complete. Please be patient and do not use the computer, press any keys, or try to stop the chkdsk scan once it has started.
  • Right-click the Start button and select Explore
  • Navigate to your C: Drive, then right-click the drive and select Properties
  • In the Properties window that pops-up, click the Tools tab and then click on the button that says Check Now
  • If the User Account Control window pops-up asking for permission to run Check Disk, please click on Continue
  • In the Check Disk Options window that pops-up, place a check-mark in both boxes:
    • Automatically fix file system errors
    • Scan for and attempt recovery of bad sectors
  • Now click on Start.
  • A new window will pop-up saying, Windows can't check the disk while it's in use, click schedule disk check
  • Now shut-down your computer, not restart, and then turn on your computer.
  • When your computer turns on, you will see a black screen with white lettering, this is chkdsk running.
  • Let chkdsk run through its 5 Stages. When it is finished, your computer will boot to the desktop.
2. Chkdsk Log
  • Click on Start, then Run.
  • Copy and paste the following text into the Open: box:
    • eventvwr.msc /s
  • This will bring up the Event Viewer window
  • In the left panel click on Application
  • The chkdsk log should be the first entry, with a source of Wininit. If it is not the first log:
    • Click on View, and then on Newest First
    • This should place the chkdsk log at the top of the list.
  • Click on the entry once
  • Now right-click on the entry and choose Properties.
  • In the window that pops-up, click on the copy button (this will copy the log).
  • Paste the log in a Reply to this topic.


NEXT:



Please let me know how the above scans go, and let me know if they help improve anything.

-ST.
  • 0

#28
Cstaffa (Member, Topic Starter, 32 posts)

1. System file checker

I ran sfc with Avast shields on and Boinc still running. It took about half an hour. It did ask for the xp disk at the beginning and the drive whirred sporadically throughout the process. There was no indication that it replaced any files. I found it odd to have such a process with no log at all.

2. Chkdsk

I first tried to run this and selected 'Install updates and shut down'. Windows installed eight updates and shut down. Upon rebooting I got a blue screen with white lettering which didn't take very long to report something like 'Volume is clean' and 'Windows has finished checking the disk'. It soon gave me the ordinary blue logon screen. The startup was extremely slow; the objects on my desktop didn't get their proper icons for well over two minutes and in addition to Skype the APC Data Service didn't start.

The Event Viewer showed no log from Wininit at all.

So I repeated the instructions and chose Shut down instead of Install updates and shut down. I guess I'm due for a lot of updates. This time it ran normally.

This time several of the usual icons are missing from the systray: always-on-top, volume control, and safely remove hardware. Skype still doesn't connect without me restarting it.

There is no log from Wininit; the correct log seems to be this one:


Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date: 4/12/2012
Time: 03:33:08 AM
User: N/A
Computer: DJB7QB1-CDS
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.
Cleaning up minor inconsistencies on the drive.
Cleaning up 928 unused index entries from index $SII of file 0x9.
Cleaning up 928 unused index entries from index $SDH of file 0x9.
Cleaning up 928 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

78067867 KB total disk space.
46326216 KB in 127365 files.
50768 KB in 14257 indexes.
0 KB in bad sectors.
508035 KB in use by the system.
65536 KB occupied by the log file.
31182848 KB available on disk.

4096 bytes in each allocation unit.
19516966 total allocation units on disk.
7795712 allocation units available on disk.

Internal Info:
60 c6 02 00 41 29 02 00 dc 51 03 00 00 00 00 00 `...A)...Q......
9f 08 00 00 02 00 00 00 cb 0c 00 00 00 00 00 00 ................
56 10 a0 0d 00 00 00 00 9c 64 3d 99 00 00 00 00 V........d=.....
0e 94 83 4d 00 00 00 00 ce 29 0e 49 06 00 00 00 ...M.....).I....
b4 44 c8 c9 01 00 00 00 ba 7b dd 10 09 00 00 00 .D.......{......
b0 52 fc 6e 00 00 00 00 a0 39 07 00 85 f1 01 00 .R.n.....9......
00 00 00 00 00 20 87 0b 0b 00 00 00 b1 37 00 00 ..... .......7..

Windows has finished checking your disk.
Please wait while your computer restarts.


For more information, see Help and Support Center at http://go.microsoft....ink/events.asp.
  • 0
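The Winlogon event 1001 posted above is where Windows XP records the boot-time chkdsk result (the Wininit source only exists on Vista and later, which is why no Wininit entry turned up). As an added example, not the poster's or the forum's code, the Python below parses that report's summary and checks that its figures are internally consistent, which is the quickest way to tell a clean pass from a volume with real damage. The input is the event text above minus the "Internal Info" hex dump; the REPAIR_PHRASES list is an assumed set of common chkdsk repair wordings, not an exhaustive one.

```python
"""Parse the summary of an NTFS chkdsk report, as Windows XP logs it under
Winlogon event ID 1001, and check that its figures add up."""
import re

# Copied from the Winlogon 1001 event posted above, minus the Internal Info
# hex dump and a few progress lines.
CHKDSK_LOG = """\
Checking file system on C:
The type of the file system is NTFS.

Cleaning up minor inconsistencies on the drive.
Cleaning up 928 unused index entries from index $SII of file 0x9.
Cleaning up 928 unused index entries from index $SDH of file 0x9.
Cleaning up 928 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

78067867 KB total disk space.
46326216 KB in 127365 files.
50768 KB in 14257 indexes.
0 KB in bad sectors.
508035 KB in use by the system.
65536 KB occupied by the log file.
31182848 KB available on disk.

4096 bytes in each allocation unit.
19516966 total allocation units on disk.
7795712 allocation units available on disk.

Windows has finished checking your disk.
"""

# One regex per summary line; group 1 is the number kept under that key.
FIELDS = {
    "total_kb": r"(\d+) KB total disk space",
    "files_kb": r"(\d+) KB in \d+ files",
    "file_count": r"\d+ KB in (\d+) files",
    "indexes_kb": r"(\d+) KB in \d+ indexes",
    "bad_kb": r"(\d+) KB in bad sectors",
    "system_kb": r"(\d+) KB in use by the system",
    "logfile_kb": r"(\d+) KB occupied by the log file",
    "available_kb": r"(\d+) KB available on disk",
    "cluster_bytes": r"(\d+) bytes in each allocation unit",
    "total_clusters": r"(\d+) total allocation units on disk",
    "free_clusters": r"(\d+) allocation units available on disk",
}

# Wordings chkdsk uses when it actually repairs something, as opposed to the
# 'Cleaning up N unused ...' housekeeping lines. Assumed list of common
# phrasings; extend it if your reports use others.
REPAIR_PHRASES = ("Correcting error", "Deleting corrupt", "Recovering orphaned",
                  "Inserting an index entry", "Replacing invalid")

def parse_chkdsk(text):
    """Numeric summary plus the housekeeping and repair lines of one report."""
    stats = {}
    for key, pat in FIELDS.items():
        m = re.search(pat, text)
        if m is None:
            raise ValueError(f"chkdsk summary line for {key!r} not found")
        stats[key] = int(m.group(1))
    fs = re.search(r"The type of the file system is (\w+)\.", text)
    stats["filesystem"] = fs.group(1) if fs else None
    stats["cleanups"] = [int(n) for n in re.findall(r"Cleaning up (\d+) unused", text)]
    stats["repairs"] = [ln.strip() for ln in text.splitlines()
                        if ln.strip().startswith(REPAIR_PHRASES)]
    return stats

def check_chkdsk(stats):
    """Named consistency checks over the parsed summary.

    'KB occupied by the log file' is a sub-item of 'KB in use by the system',
    so it is not added a second time. Total space is reported in KB and need
    not be a whole number of clusters, so cluster counts compare after
    rounding down."""
    kb_per_cluster = stats["cluster_bytes"] // 1024
    used = (stats["files_kb"] + stats["indexes_kb"] + stats["bad_kb"]
            + stats["system_kb"] + stats["available_kb"])
    return {
        "space_accounted_for": used == stats["total_kb"],
        "logfile_within_system": stats["logfile_kb"] <= stats["system_kb"],
        "total_clusters_match": stats["total_kb"] // kb_per_cluster == stats["total_clusters"],
        "free_clusters_match": stats["available_kb"] // kb_per_cluster == stats["free_clusters"],
        "no_bad_sectors": stats["bad_kb"] == 0,
        "no_repairs": not stats["repairs"],
    }

if __name__ == "__main__":
    s = parse_chkdsk(CHKDSK_LOG)
    print(f"{s['filesystem']} volume, {s['file_count']} files, "
          f"{s['available_kb'] // 1024} MB free, {len(s['cleanups'])} cleanup lines")
    for name, ok in check_chkdsk(s).items():
        print(f"{'PASS' if ok else 'FAIL'} {name}")
```

On this report every check passes: the five space figures sum exactly to the 78067867 KB total, both cluster counts match the KB figures at 4 KB per cluster, and no sector was marked bad. The three "Cleaning up 928 unused ..." lines refer to $SII and $SDH, the two indexes of the $Secure metadata file (MFT record 0x9), so they are stale security-descriptor housekeeping rather than evidence of corruption; a "Correcting error" or "Recovering orphaned file" line, or a non-zero bad-sector figure, is what would turn this from a clean pass into a disk problem worth chasing.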

#29
Cstaffa (Member, Topic Starter, 32 posts)

I was able to get the icons for Mouseware, the volume control, and always-on-top to show up in the systray by going to their controls in Control Panel and unselecting then reselecting the systray option (for the first two) and restarting always-on-top (it said there was a thread of it already running). I then restarted to see if they would reappear, but they don't.

Once on one of these reboots Skype did connect on its own, but not this last time (with no installs in process).
  • 0

#30
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Hi!

Thanks for that information.

Can you please try and remove Skype, and then re-install it to see if that issue is fixed with re-installing it?

Let me know.

ST.
  • 0





