Websites redirected, can't run Windows Update, can't install Malwarebytes

Inactive
By weety
Oct 3, 2012
  1. I cannot access E-mail via websites (such as hotmail.com, gmail.com, work E-mail). A number of other websites also seem to be blocked (e.g. store.malwarebytes.org). I get the message "This webpage is not available" [Google Chrome].

    I managed to download the malwarebytes installer from cnet.com, but the installation fails with some not very useful error message. (I can't check it now because I tried to open Internet Explorer and now the system is hanging). Without Malwarebytes, I can't proceed with the recommended 5 steps for malware removal.

    When I try to run Windows Update [Windows XP], I first get a message that the default search provider has been tinkered with. Then, when I try to "allow" the update in Internet Explorer, an error pops up and the update cannot proceed.

    Please help!
  2. weety

    weety Newcomer, in training Topic Starter Posts: 60

    Symantec Endpoint (and no other antivirus) is installed, but doesn't seem to respond to any type of clicking.
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  4. weety

    weety Newcomer, in training Topic Starter Posts: 60

    Thanks for taking time to help me.

    I am unable to disable Symantec Endpoint Protection, but will proceed anyway.

    I know I'm not supposed to mess around with these things, but I tried running ComboFix previously (renamed as svchost.exe) and it took a little over 10 hours to complete. However, I know I'm supposed to do precisely what I'm told, so I'll run it again now and post the new log tomorrow.
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Go ahead. I look forward to it. :)
  6. weety

    weety Newcomer, in training Topic Starter Posts: 60

    ComboFix 12-10-03.03 - hmc05 03/10/2012 19:02:50.7.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3017.2408 [GMT 1:00]
    Running from: c:\documents and settings\hmc05\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-25 19:50 . 2012-09-25 19:50	--------	d-----w-	c:\program files\pdfforge Toolbar
    2012-09-25 19:50 . 2012-09-25 19:50	--------	d-----w-	c:\program files\Common Files\Spigot
    2012-09-25 19:50 . 2012-09-25 19:50	--------	d-----w-	c:\program files\Application Updater
    2012-09-25 08:06 . 2012-09-25 08:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\MFAData
    2012-09-25 08:06 . 2012-09-25 08:06	--------	d-----w-	c:\documents and settings\hmc05\Local Settings\Application Data\MFAData
    2012-09-25 08:06 . 2012-09-25 08:06	--------	d-----w-	c:\documents and settings\hmc05\Local Settings\Application Data\Avg2013
    2012-09-25 08:06 . 2012-09-25 08:06	--------	d-----w-	c:\documents and settings\All Users\Application Data\Common Files
    2012-09-24 11:12 . 2012-09-24 11:12	--------	d-----w-	c:\winnt\ms
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-24 11:18 . 2012-04-27 14:50	696520	----a-w-	c:\winnt\system32\FlashPlayerApp.exe
    2012-09-24 11:18 . 2011-06-09 07:30	73416	----a-w-	c:\winnt\system32\FlashPlayerCPLApp.cpl
    2012-08-28 15:14 . 1980-01-01 00:00	916992	----a-w-	c:\winnt\system32\wininet.dll
    2012-08-28 15:14 . 1980-01-01 00:00	43520	----a-w-	c:\winnt\system32\licmgr10.dll
    2012-08-28 15:14 . 1980-01-01 00:00	1469440	------w-	c:\winnt\system32\inetcpl.cpl
    2012-08-28 12:07 . 1980-01-01 00:00	385024	----a-w-	c:\winnt\system32\html.iec
    2012-07-06 13:58 . 1980-01-01 00:00	78336	----a-w-	c:\winnt\system32\browser.dll
    2005-10-12 15:04 . 2005-10-12 15:04	131072	----a-w-	c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
    2012-04-21 01:18 . 2012-05-16 17:09	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\winnt\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "PHIME2002ASync"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "IgfxTray"="c:\winnt\system32\igfxtray.exe" [2008-10-16 150040]
    "HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2008-10-16 178712]
    "Persistence"="c:\winnt\system32\igfxpers.exe" [2008-10-16 150040]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-08 1044480]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-17 180224]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-18 115560]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-10-02 0]
    .
    c:\documents and settings\hmc05\Start Menu\Programs\Startup\
    Dropbox.lnk - \\icfs16.cc.ic.ac.uk\hmc05\IExplorer\AppData\Dropbox\bin\Dropbox.exe [N/A]
    ICTprintservice.lnk - \\ICADS11\netlogon\clusters\common\ICTprintservice.cmd [2007-12-19 6839]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Auto-sleep.lnk - c:\winnt\Installer\{F1F8CE7F-1D24-416F-BFA1-F7DD39D8A000}\mainicon.ico [2011-11-9 15086]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLogonScripts"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceStartMenuLogOff"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "ForceRunOnStartMenu"= 1 (0x1)
    "RestrictWelcomeCenter"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-166766\Scripts\Logoff\0\0]
    "Script"=userlog_logoff_3.04.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-166766\Scripts\Logon\0\0]
    "Script"=%logonserver%\netlogon\user4-GPO.bat
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AllAlertsDisabled"=dword:00000001
    "TermService"=dword:00000001
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\winnt\system32\drivers\sfaudio.sys [01/01/1980 01:00 24064]
    R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [18/12/2009 00:14 691696]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19/09/2012 16:21 795072]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\winnt\system32\drivers\e1k5132.sys [01/01/1980 01:00 144480]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/09/2012 09:28 106656]
    R3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [01/01/1980 01:00 36352]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27/04/2012 15:50 250568]
    S3 COH_Mon;COH_Mon;c:\winnt\system32\drivers\COH_Mon.sys [03/07/2009 11:52 23888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12	REG_MULTI_SZ	Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-03 c:\winnt\Tasks\Adobe Flash Player Updater.job
    - c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 11:18]
    .
    2012-10-03 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766Core.job
    - c:\documents and settings\hmc05\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 10:43]
    .
    2012-10-03 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766UA.job
    - c:\documents and settings\hmc05\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 10:43]
    .
    2012-10-03 c:\winnt\Tasks\MATLAB R2012a Startup Accelerator.job
    - c:\program files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe [2012-03-22 03:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: ic.ac.uk
    Trusted Zone: icfs16.cc.ic.ac.uk
    TCP: DhcpNameServer = 155.198.142.7 155.198.142.8
    DPF: {64A6114F-2976-4634-BE36-134BF84D369C} - hxxps://www3.imperial.ac.uk/eWebEditPro/ewebeditpro4.cab
    DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AD} - ftp://ftp.ni.com/pub/devzone/tut/cnx_lv8_runtime.exe
    DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF}
    FF - ProfilePath -
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-10-04 06:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-243037206-41955558-561332275-166766\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2012-10-04 06:10:11
    ComboFix-quarantined-files.txt 2012-10-04 05:10
    ComboFix2.txt 2012-10-03 03:36
    ComboFix3.txt 2012-10-01 20:31
    ComboFix4.txt 2012-09-25 19:43
    ComboFix5.txt 2012-10-03 17:47
    .
    Pre-Run: 201,029,742,592 bytes free
    Post-Run: 201,042,485,248 bytes free
    .
    - - End Of File - - C3C90714FC9999060524D403F0CC1A8E
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip, click on Continue
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
  8. weety

    weety Newcomer, in training Topic Starter Posts: 60

    TDSSKiller found 254 "suspicious objects". All skipped.

    Log is far too long to post. (Please find attached).

    Attached Files:

  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    No biggie for those. Will wait for aswMBR log.
  10. weety

    weety Newcomer, in training Topic Starter Posts: 60

    The instructions don't specify if I should do a "QuickScan" or select a specific disk drive. I went for C:\, as it sounded more thorough. Please let me know if a QuickScan is sufficient.
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    It should be, try that.
  12. weety

    weety Newcomer, in training Topic Starter Posts: 60

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-05 12:51:02
    -----------------------------
    12:51:02.472 OS Version: Windows 5.1.2600 Service Pack 3
    12:51:02.472 Number of processors: 2 586 0x170A
    12:51:02.472 ComputerName: EE-HMC05 UserName: hmc05
    12:51:03.577 Initialize success
    12:51:53.369 AVAST engine defs: 12100501
    12:53:05.397 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16
    12:53:05.413 Disk 0 Vendor: WDC_WD2500AAJS-60M0A0 02.03E02 Size: 238475MB BusType: 3
    12:53:05.444 Disk 0 MBR read successfully
    12:53:05.444 Disk 0 MBR scan
    12:53:05.569 Disk 0 Windows XP default MBR code
    12:53:05.584 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
    12:53:05.600 Disk 0 scanning sectors +488376000
    12:53:05.662 Disk 0 scanning C:\WINNT\system32\drivers
    12:53:15.290 Service scanning
    12:53:30.924 Service sptd C:\WINNT\System32\Drivers\sptd.sys **LOCKED** 32
    12:53:35.215 Modules scanning
    12:53:37.384 Module: C:\WINNT\System32\Drivers\atapi.sys **SUSPICIOUS**
    12:53:37.727 Module: C:\WINNT\System32\Drivers\iaStor.sys **SUSPICIOUS**
    12:53:40.910 Module: C:\WINNT\system32\ntdll.dll **SUSPICIOUS**
    12:53:40.910 Disk 0 trace - called modules:
    12:53:40.926 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spua.sys >>UNKNOWN [0x8a49f938]<<
    12:53:40.926 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a441ab8]
    12:53:40.942 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000075[0x8a4f5250]
    12:53:40.942 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-16[0x8a402d98]
    12:53:41.566 AVAST engine scan C:\WINNT
    12:54:00.368 AVAST engine scan C:\WINNT\system32
    12:58:09.750 AVAST engine scan C:\WINNT\system32\drivers
    12:58:31.770 AVAST engine scan C:\Documents and Settings\hmc05
    13:02:53.640 AVAST engine scan C:\Documents and Settings\All Users
    13:07:37.690 Scan finished successfully
    13:27:14.251 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\hmc05\Desktop\MBR.dat"
    13:27:14.251 The log file has been saved successfully to "C:\Documents and Settings\hmc05\Desktop\aswMBRnew.txt"

    Attached Files:

    • MBR.txt
      File size:
      512 bytes
  13. weety

    weety Newcomer, in training Topic Starter Posts: 60

    (That is the log from a QuickScan... the full scan ran overnight and when I came back, I had dozens of error messages popping up about delayed write fails. I tried to save the log, but everything just crashed and I had to reboot).
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent work!

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.
  15. weety

    weety Newcomer, in training Topic Starter Posts: 60

    Thanks for your ongoing help. Looks like the scan will take a while... but I've got a good feeling about this one! 14 threats found so far ("a variant of Win32/Toolbar.Widgi application").

    Log file to follow (probably tomorrow) ..........
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Will wait for it.
  17. weety

    weety Newcomer, in training Topic Starter Posts: 60

    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Program Files\pdfforge Toolbar\IE\6.3\pdFForgetoolbarie.dll.vir	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
  18. weety

    weety Newcomer, in training Topic Starter Posts: 60

    (Same symptoms seem to remain with computer after the removal of these threats).
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

    • Click the Run Scan button. The scan will not take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  20. weety

    weety Newcomer, in training Topic Starter Posts: 60

    # AdwCleaner v2.004 - Logfile created 10/07/2012 at 20:43:43
    # Updated 06/10/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : hmc05 - EE-HMC05
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\hmc05\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Application Updater

    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files\Application Updater
    Folder Deleted : C:\Program Files\Common Files\spigot
    Folder Deleted : C:\Program Files\pdfforge Toolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\pdfforge
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C2F6A415-2A69-48F1-8F91-B9381B33FF1A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F6A415-2A69-48F1-8F91-B9381B33FF1A}
    Key Deleted : HKLM\Software\pdfforge
    Key Deleted : HKLM\Software\Search Settings
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v12.0 (en-GB)

    -\\ Google Chrome v22.0.1229.79

    File : C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [1948 octets] - [07/10/2012 20:43:43]

    ########## EOF - H:\AdwCleaner[S1].txt - [2008 octets] ##########
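
Added example (not part of the original thread and not the output of any tool used in it): the Python below cross-references the autostart entries listed in a ComboFix log against the folders AdwCleaner reports as deleted, showing which persistence points (Run values, services) belonged to the removed toolbar software. The sample lines are copied from the logs posted above; the function names and the field layout of the returned records are assumptions made for this example.

```python
import ntpath
import re

# Constructed input: lines copied from the ComboFix log (post 6) and the
# AdwCleaner log (post 20) in this thread.
COMBOFIX_SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-18 115560]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-10-02 0]
.
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [18/12/2009 00:14 691696]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19/09/2012 16:21 795072]
'''

ADWCLEANER_SAMPLE = r'''
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\pdfforge Toolbar
'''

# "[HKEY_...\Run]" style section headers (ComboFix also prints them in lower case).
KEY_RE = re.compile(r'^\s*\[(?P<key>HK[^\]]+)\]\s*$', re.IGNORECASE)
# "name"="path" [date size] lines under a registry section.
VALUE_RE = re.compile(
    r'^\s*"(?P<name>[^"]+)"=\s*"(?P<path>[^"]+)"\s+\[\d{4}-\d{2}-\d{2}\s+(?P<size>\d+)\]')
# "R2 name;display name;path [date time size]" driver/service lines.
SERVICE_RE = re.compile(
    r'^\s*(?P<state>[RS][0-4])\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)'
    r'\s+\[(?:[^\]]*\s)?(?P<size>\d+)\]\s*$')
FOLDER_RE = re.compile(r'^\s*Folder Deleted : (?P<path>.+?)\s*$')


def parse_combofix_autostarts(text):
    """Return registry Run-style values and service lines as a list of dicts."""
    entries, current_key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            entries.append({"kind": "registry", "name": m.group("name"),
                            "path": m.group("path"), "size": int(m.group("size")),
                            "location": current_key})
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append({"kind": "service", "name": m.group("name"),
                            "path": m.group("path"), "size": int(m.group("size")),
                            "location": m.group("state")})
    return entries


def parse_adwcleaner_folders(text):
    """Return the folder paths AdwCleaner reported as deleted."""
    return [m.group("path") for m in map(FOLDER_RE.match, text.splitlines()) if m]


def _norm(path):
    # Windows paths are case-insensitive; ntpath works on any host OS.
    return ntpath.normcase(ntpath.normpath(path))


def correlate(autostarts, removed_folders):
    """Autostart entries whose target lies under a folder that was later removed."""
    roots = [_norm(f) for f in removed_folders]
    hits = []
    for entry in autostarts:
        target = _norm(entry["path"])
        root = next((r for r in roots if target.startswith(r + "\\")), None)
        if root is not None:
            # A zero-byte target means the file was already emptied or locked
            # when ComboFix listed it.
            hits.append({**entry, "removed_root": root,
                         "zero_size": entry["size"] == 0})
    return hits


if __name__ == "__main__":
    found = correlate(parse_combofix_autostarts(COMBOFIX_SAMPLE),
                      parse_adwcleaner_folders(ADWCLEANER_SAMPLE))
    for hit in found:
        print(f'{hit["kind"]:8} {hit["name"]:20} -> {hit["path"]}'
              f'{"  (0 bytes)" if hit["zero_size"] else ""}')
```
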
  21. weety

    weety Newcomer, in training Topic Starter Posts: 60

    OTL logfile created on: 07/10/2012 20:55:05 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\hmc05\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.95 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 72.37% Memory free
    4.79 Gb Paging File | 4.13 Gb Available in Paging File | 86.24% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 187.06 Gb Free Space | 80.33% Space Free | Partition Type: NTFS
    Drive H: | 8.00 Gb Total Space | 6.94 Gb Free Space | 86.69% Space Free | Partition Type: NTFS
    Drive L: | 390.63 Mb Total Space | 195.66 Mb Free Space | 50.09% Space Free | Partition Type: NTFS
    Drive V: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
    Drive W: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
    Drive Y: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
    Drive Z: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS

    Computer Name: EE-HMC05 | User Name: hmc05 | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/07 20:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
    PRC - [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2011/10/28 14:15:14 | 000,062,976 | ---- | M] (Imperial College London) -- C:\Program Files\Imperial College London\Auto-sleep\auto-sleep.exe
    PRC - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/11/18 15:11:19 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    PRC - [2010/11/18 15:11:18 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    PRC - [2010/11/18 15:11:07 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2009/11/17 12:55:13 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\CCM\CcmExec.exe
    PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/25 10:42:58 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
    MOD - [2012/09/25 10:42:57 | 012,278,808 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
    MOD - [2012/09/25 10:42:55 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
    MOD - [2012/09/25 10:41:27 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
    MOD - [2012/09/25 10:41:26 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
    MOD - [2012/09/25 10:41:24 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
    MOD - [2009/12/21 02:42:16 | 000,176,235 | ---- | M] () -- C:\WINNT\system32\Primomonnt.dll
    MOD - [2008/04/14 13:00:00 | 000,059,904 | ---- | M] () -- C:\WINNT\system32\devenum.dll
    MOD - [2008/04/14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINNT\system32\msdmo.dll
    MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINNT\system32\pdfcmnnt.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/09/24 12:18:19 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/11/18 15:11:18 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/11/18 15:11:10 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
    SRV - [2010/11/18 15:11:07 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/11/17 12:55:13 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2009/09/18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\System32\CCM\TSManager.exe -- (smstsmgr)
    SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\hmc05\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/09/17 09:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120924.035\NAVEX15.SYS -- (NAVEX15)
    DRV - [2012/09/17 09:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120924.035\NAVENG.SYS -- (NAVENG)
    DRV - [2012/08/15 14:26:06 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/08/15 14:26:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/11/18 15:14:59 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/11/18 15:11:43 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/11/18 15:11:43 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/11/18 15:11:42 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/11/18 15:10:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\symtdi.sys -- (SYMTDI)
    DRV - [2010/11/18 15:10:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\symredrv.sys -- (SYMREDRV)
    DRV - [2010/11/18 15:10:26 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2009/12/18 00:14:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/09/18 05:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2009/07/03 11:52:32 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2008/10/20 21:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\smsmdm.sys -- (smsmdd)
    DRV - [2008/07/19 11:40:48 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HECI.sys -- (HECI)
    DRV - [2008/06/05 12:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e1k5132.sys -- (e1kexpress)
    DRV - [2008/03/28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\sfaudio.sys -- (SFAUDIO)
    DRV - [2005/10/21 11:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2005/10/18 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\cvintdrv.sys -- (cvintdrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{5C6775AE-B17E-43EC-951F-1735ED9382DB}: "URL" = http://search.live.com/ie.aspx?q={searchTerms}
    IE - HKLM\..\SearchScopes\{5CEB5537-BEEB-4BC2-A428-B524DC584A5A}: "URL" = http://search.imperial.ac.uk/icsear...h=20&cs=iso-8859-1&sc=imperial&sm=0&ha=0&mt=1
    IE - HKLM\..\SearchScopes\{6D91FEDC-F816-4F15-B929-B6B57184D2F8}: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{2ED652B6-A935-4ECF-95F9-E62AC8AAFD4F}: "URL" = http://search.live.com/ie.aspx?q={searchTerms}
    IE - HKCU\..\SearchScopes\{5A81F079-14F5-4766-A656-C6889E04A9E0}: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}
    IE - HKCU\..\SearchScopes\{850361F7-476B-44B8-AB49-9C7F85564DBD}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
    IE - HKCU\..\SearchScopes\{F66A58C6-CA60-4AB4-885F-0196F9274FF5}: "URL" = http://search.imperial.ac.uk/icsear...h=20&cs=iso-8859-1&sc=imperial&sm=0&ha=0&mt=1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2981: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3039: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1798: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/16 18:09:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 11:35:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/16 15:15:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7.3\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7.3\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins

    [2012/05/16 18:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/04/21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/03/22 13:39:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2005/09/20 00:00:08 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13123.dll
    [2005/10/12 16:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV80Win32.dll
    [2012/04/21 03:09:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/04/21 03:09:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/21 03:09:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/04/21 03:09:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/04/21 03:09:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/04/21 03:09:18 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.co.uk/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.co.uk/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Oracle JInitiator (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPJinit13123.dll
    CHR - plugin: National Instruments LabVIEW 8.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINNT\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/02 11:59:55 | 000,000,019 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto-sleep.lnk = C:\WINNT\Installer\{F1F8CE7F-1D24-416F-BFA1-F7DD39D8A000}\mainicon.ico ()
    O4 - Startup: C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\Dropbox.lnk = File not found
    O4 - Startup: C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\ICTprintservice.lnk = \\ICADS2\netlogon\clusters\common\ICTprintservice.cmd ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRunOnStartMenu = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKCU\..Trusted Domains: ic.ac.uk ([]* in Local intranet)
    O15 - HKCU\..Trusted Domains: ic.ac.uk ([]file in Trusted sites)
    O15 - HKCU\..Trusted Domains: icfs16.cc.ic.ac.uk ([]file in Trusted sites)
    O15 - HKCU\..Trusted Domains: imperial.ac.uk ([]* in Local intranet)
    O16 - DPF: {64A6114F-2976-4634-BE36-134BF84D369C} https://www3.imperial.ac.uk/eWebEditPro/ewebeditpro4.cab (eWebEditProLibCtl4.eWebEditPro)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AD} ftp://ftp.ni.com/pub/devzone/tut/cnx_lv8_runtime.exe (LabVIEWControl Class)
    O16 - DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.23)
    O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 155.198.142.7 155.198.142.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ic.ac.uk
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA44147E-D188-421D-83F4-E51BBDEDA4DC}: DhcpNameServer = 155.198.142.7 155.198.142.8
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
    O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
    O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
    O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
    O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\hmc05\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\hmc05\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
    ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINNT\system32\Rundll32.exe c:\WINNT\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{2A209567-6103-4EAD-BA75-96722C22500D} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINNT\system32\rundll32.exe" "C:\WINNT\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
  22. weety

    weety Newcomer, in training Topic Starter Posts: 60

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/07 20:53:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
    [2012/10/07 18:42:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/10/07 18:42:35 | 000,000,000 | -HSD | C] -- \RECYCLER
    [2012/10/07 18:42:19 | 000,000,000 | -H-D | C] -- C:\WINNT\PIF
    [2012/10/07 17:53:48 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- H:\SpyHunter-Installer.exe
    [2012/10/07 17:32:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\dds.com
    [2012/10/07 17:23:55 | 000,000,000 | ---D | C] -- C:\WINNT\Profiles
    [2012/10/07 17:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Desktop\Chameleon
    [2012/10/05 18:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/10/05 18:13:17 | 002,322,184 | ---- | C] (ESET) -- H:\esetsmartinstaller_enu.exe
    [2012/10/04 06:10:12 | 000,000,000 | ---D | C] -- C:\WINNT\temp
    [2012/10/02 16:42:54 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\hmc05\Desktop\rkill.exe
    [2012/10/02 14:54:22 | 000,307,569 | ---- | C] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\ListParts.exe
    [2012/10/02 14:52:03 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\hmc05\Desktop\aswMBR.exe
    [2012/10/02 12:15:32 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\hmc05\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/02 12:09:04 | 016,868,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\hmc05\Desktop\Windows-KB890830-V4.12.exe
    [2012/10/02 11:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Start Menu\Programs\Google Chrome
    [2012/10/01 10:24:39 | 000,000,000 | ---D | C] -- C:\WINNT\Minidump
    [2012/09/25 09:15:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
    [2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Local Settings\Application Data\MFAData
    [2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Avg2013
    [2012/09/25 09:04:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
    [2012/09/24 12:12:09 | 000,000,000 | ---D | C] -- C:\WINNT\ms
    [2012/09/24 10:03:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/09/24 10:03:38 | 000,000,000 | RHSD | C] -- \cmdcons
    [2012/09/24 10:02:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
    [2012/09/24 10:02:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
    [2012/09/24 10:02:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
    [2012/09/24 10:02:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
    [2012/09/24 10:00:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/24 10:00:54 | 000,000,000 | ---D | C] -- \Qoobox
    [2012/09/24 10:00:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hmc05\Start Menu\Programs\Administrative Tools
    [2012/09/24 10:00:35 | 000,000,000 | ---D | C] -- C:\WINNT\erdnt
    [2012/09/24 10:00:16 | 004,761,955 | R--- | C] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\ComboFix.exe
    [2012/09/24 08:20:40 | 000,000,000 | ---D | C] -- H:\Windows Desktop Search
    [2012/09/17 19:25:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.exe
    [2012/09/13 02:42:49 | 000,000,000 | --SD | C] -- H:\My Shapes
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Visual Studio 2008
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Visual Studio 2005
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Thai
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Review of Resolution Performance
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\QPR 2
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\QPR 1
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Paper v3
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Paper
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\OneNote Notebooks
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Old Files
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\MY NOTES
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\My Digital Editions
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Miscellaneous
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\MATLAB
    [2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\maple
    [2012/09/13 02:41:55 | 000,000,000 | ---D | C] -- H:\IExplorer
    [2012/09/13 02:41:55 | 000,000,000 | ---D | C] -- H:\exchange
    [2012/09/13 02:41:55 | 000,000,000 | ---D | C] -- H:\EMRS DTC Data
    [2012/09/13 02:41:44 | 000,000,000 | ---D | C] -- H:\desktop
    [2012/09/13 02:41:44 | 000,000,000 | ---D | C] -- H:\Correlation Study
    [2012/09/13 02:41:44 | 000,000,000 | ---D | C] -- H:\Corel User Files
    [2012/09/13 02:41:43 | 000,000,000 | ---D | C] -- H:\Audio Precision
    [2012/09/13 02:41:43 | 000,000,000 | ---D | C] -- H:\3D Signal Subspace
    [2012/09/13 02:41:41 | 000,000,000 | -HSD | C] -- H:\$RECYCLE.BIN
    [2012/09/13 02:41:41 | 000,000,000 | ---D | C] -- H:\2ndYearReport_Backup27Feb2012
    [2012/09/13 02:41:41 | 000,000,000 | ---D | C] -- H:\00 For Printing
    [1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
    [1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/07 20:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
    [2012/10/07 20:53:10 | 000,000,465 | ---- | M] () -- C:\WINNT\SMSCFG.ini
    [2012/10/07 20:53:00 | 000,000,978 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766UA.job
    [2012/10/07 20:51:42 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\ICTprintservice.lnk
    [2012/10/07 20:51:41 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto-sleep.lnk
    [2012/10/07 20:51:28 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
    [2012/10/07 20:51:22 | 000,000,546 | ---- | M] () -- C:\WINNT\tasks\MATLAB R2012a Startup Accelerator.job
    [2012/10/07 20:50:38 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
    [2012/10/07 20:50:36 | 3163,807,744 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/07 20:43:07 | 000,538,327 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\adwcleaner.exe
    [2012/10/07 20:23:00 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
    [2012/10/07 17:53:51 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- H:\SpyHunter-Installer.exe
    [2012/10/07 17:32:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\dds.com
    [2012/10/07 17:30:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\ptgkw35r.exe
    [2012/10/07 17:20:38 | 001,440,846 | ---- | M] () -- H:\mbam-chameleon-1.62.1.1000.zip
    [2012/10/07 16:53:00 | 000,000,926 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766Core.job
    [2012/10/05 18:13:21 | 002,322,184 | ---- | M] (ESET) -- H:\esetsmartinstaller_enu.exe
    [2012/10/04 16:41:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\hmc05\Desktop\aswMBR.exe
    [2012/10/04 16:36:02 | 000,037,814 | ---- | M] () -- H:\MSO2057.acl
    [2012/10/04 16:29:18 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.exe
    [2012/10/03 18:29:36 | 004,761,955 | R--- | M] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\ComboFix.exe
    [2012/10/02 17:23:13 | 000,004,322 | RHS- | M] () -- C:\Documents and Settings\hmc05\ntuser.pol
    [2012/10/02 16:42:55 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\hmc05\Desktop\rkill.exe
    [2012/10/02 16:35:15 | 001,678,240 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\rkill.com
    [2012/10/02 16:31:53 | 002,193,278 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller (1).zip
    [2012/10/02 16:30:59 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.zip
    [2012/10/02 14:54:23 | 000,307,569 | ---- | M] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\ListParts.exe
    [2012/10/02 12:15:32 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\hmc05\Desktop\mbam-setup-1.65.0.1400.exe
    [2012/10/02 12:09:05 | 016,868,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\hmc05\Desktop\Windows-KB890830-V4.12.exe
    [2012/10/02 11:59:55 | 000,000,019 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
    [2012/10/02 11:44:12 | 000,002,312 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\Google Chrome.lnk
    [2012/10/01 10:03:06 | 001,412,096 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\RogueKiller.exe
    [2012/09/24 12:18:19 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerApp.exe
    [2012/09/24 12:18:18 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
    [2012/09/24 12:15:32 | 000,001,796 | ---- | M] () -- C:\WINNT\SMSAdvancedClient.sccm2007ac-sp2-kb977384-x86-enu.mif
    [2012/09/24 12:15:18 | 000,514,678 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
    [2012/09/24 12:15:18 | 000,098,160 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
    [2012/09/24 12:15:18 | 000,004,764 | ---- | M] () -- C:\WINNT\System32\CcmFramework.ini
    [2012/09/24 12:15:18 | 000,000,621 | ---- | M] () -- C:\WINNT\System32\CcmFramework.h
    [2012/09/24 10:03:49 | 000,000,323 | RHS- | M] () -- C:\boot.ini
    [2012/09/24 09:46:07 | 000,003,739 | ---- | M] () -- C:\WINNT\imsins.BAK
    [2012/09/24 08:19:23 | 000,587,792 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
    [1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
    [1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/07 20:43:04 | 000,538,327 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\adwcleaner.exe
    [2012/10/07 17:30:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\ptgkw35r.exe
    [2012/10/07 17:19:18 | 001,440,846 | ---- | C] () -- H:\mbam-chameleon-1.62.1.1000.zip
    [2012/10/04 16:36:02 | 000,037,814 | ---- | C] () -- H:\MSO2057.acl
    [2012/10/02 16:35:13 | 001,678,240 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\rkill.com
    [2012/10/02 16:31:53 | 002,193,278 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller (1).zip
    [2012/10/02 16:30:58 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.zip
    [2012/10/02 11:46:39 | 001,412,096 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\RogueKiller.exe
    [2012/10/02 11:44:12 | 000,002,312 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\Google Chrome.lnk
    [2012/10/02 11:43:54 | 000,000,978 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766UA.job
    [2012/10/02 11:43:53 | 000,000,926 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766Core.job
    [2012/09/25 09:15:23 | 3163,807,744 | -HS- | C] () -- C:\hiberfil.sys
    [2012/09/25 09:15:23 | 3163,807,744 | -HS- | C] () -- \hiberfil.sys
    [2012/09/24 12:15:18 | 000,004,764 | ---- | C] () -- C:\WINNT\System32\CcmFramework.ini
    [2012/09/24 12:15:18 | 000,000,621 | ---- | C] () -- C:\WINNT\System32\CcmFramework.h
    [2012/09/24 10:03:49 | 000,000,207 | ---- | C] () -- C:\Boot.bak
    [2012/09/24 10:03:49 | 000,000,207 | ---- | C] () -- \Boot.bak
    [2012/09/24 10:03:43 | 000,260,272 | R-S- | C] () -- C:\cmldr
    [2012/09/24 10:03:43 | 000,260,272 | R-S- | C] () -- \cmldr
    [2012/09/24 10:02:17 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
    [2012/09/24 10:02:17 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
    [2012/09/24 10:02:17 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
    [2012/09/24 10:02:17 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
    [2012/09/24 10:02:17 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
    [2012/02/17 05:22:17 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\iacenc.dll
    [2011/11/27 23:36:48 | 000,018,982 | ---- | C] () -- C:\Documents and Settings\hmc05\untitled0_MAS.bak
    [2010/10/04 14:28:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\myinfo7
    [2010/09/27 17:16:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\standby2
    [2010/09/17 05:44:11 | 000,012,768 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2010/02/12 00:28:22 | 000,020,235 | ---- | C] () -- \history.temp
    [2010/02/01 14:25:51 | 000,040,817 | ---- | C] () -- \DetRes_L_fix_2D_reverse.swf
    [2009/12/18 00:25:00 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/17 15:59:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\myinfo4
    [2009/11/17 15:59:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\ictsd1
    [2009/11/17 15:59:09 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\hmc05\webct_upload_applet.properties
    [2009/11/17 15:59:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\standby1
    [2009/11/17 15:59:07 | 000,004,322 | RHS- | C] () -- C:\Documents and Settings\hmc05\ntuser.pol
    [2009/11/17 13:19:28 | 000,052,119 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2009/11/17 13:17:36 | 000,000,000 | R-S- | C] () -- \MSDOS.SYS
    [2009/11/17 13:17:36 | 000,000,000 | R-S- | C] () -- \IO.SYS
    [2009/11/17 12:54:44 | 000,000,512 | --S- | C] () -- \BOOTSECT.DOS
    [1980/01/01 01:00:00 | 000,250,048 | RHS- | C] () -- \ntldr
    [1980/01/01 01:00:00 | 000,047,564 | RHS- | C] () -- \NTDETECT.COM
    [1980/01/01 01:00:00 | 000,000,323 | RHS- | C] () -- \boot.ini

    ========== ZeroAccess Check ==========

    [2009/11/17 12:29:00 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
    Interface type: IDE
    Media Type: Fixed\thard disk media
    Model: WDC WD2500AAJS-60M0A0
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 233.00GB
    Starting Offset: 32256
    Hidden sectors: 0

    [2009/11/17 12:37:01 | 000,000,000 | RH-D | M] -- C:\MSOCache

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\shell\open\command\\: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINNT\system32\ie4uinit.exe" -reinstall [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -hide [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -show [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\shell\open\command\\: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINNT\system32\ie4uinit.exe" -reinstall [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -hide [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -show [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >
    [2009/12/18 00:14:34 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\system32\drivers\sptd.sys

    < %systemroot%\system32\drivers\*.sys /90 >

    < %systemroot%\System32\config\*.sav >
    [2009/11/17 13:09:52 | 000,094,208 | ---- | M] () -- C:\WINNT\System32\config\default.sav
    [2009/11/17 13:09:52 | 001,089,536 | ---- | M] () -- C:\WINNT\System32\config\software.sav
    [2009/11/17 13:09:52 | 000,921,600 | ---- | M] () -- C:\WINNT\System32\config\system.sav

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2011/08/17 11:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2009/12/18 00:22:02 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
    [2009/11/17 13:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
    [2009/11/17 12:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
    [2010/02/09 21:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
    [2010/02/09 21:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
    [2012/10/07 20:43:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2009/11/17 13:16:04 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
    [2009/12/17 22:13:52 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
    [2010/03/10 19:57:09 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
    [2010/03/15 22:29:11 | 000,000,000 | ---D | M] -- C:\Program Files\DjVu Solo 3.1
    [2010/03/30 09:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\DjVuZone
    [2012/06/02 02:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\Dropbox
    [2009/11/17 12:54:57 | 000,000,000 | ---D | M] -- C:\Program Files\DWG TrueView 2008
    [2009/12/10 18:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Enterprise Vault
    [2012/10/05 18:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
    [2010/03/18 17:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\FileOpen
    [2011/09/26 12:01:12 | 000,000,000 | ---D | M] -- C:\Program Files\flashfix
    [2009/11/17 13:44:40 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
    [2012/05/28 16:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\gs
    [2010/02/09 21:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
    [2011/11/09 12:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Imperial College London
    [2010/01/19 16:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
    [2012/09/25 09:28:06 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2009/11/17 13:16:54 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
    [2010/10/11 18:13:32 | 000,000,000 | ---D | M] -- C:\Program Files\JabRef
    [2012/03/22 13:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2009/11/17 14:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\Latex
    [2012/05/28 16:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\latex2eps
    [2011/11/30 10:30:10 | 000,000,000 | ---D | M] -- C:\Program Files\LearningGuide
    [2009/11/17 13:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Maple 13
    [2012/03/22 13:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\MATLAB
    [2009/11/17 13:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
    [2009/11/17 13:22:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
    [2009/11/17 12:43:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Corporation
    [2010/02/09 21:11:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
    [2009/11/17 13:17:48 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2012/05/16 16:46:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2010/02/09 21:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
    [2012/05/14 13:48:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2010/02/09 21:16:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
    [2010/02/09 21:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/02/09 21:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
    [2009/11/17 12:39:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
    [2010/02/09 21:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
    [2010/02/09 21:00:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
    [2009/11/17 12:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2010/02/09 21:14:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
    [2012/05/28 16:33:10 | 000,000,000 | ---D | M] -- C:\Program Files\MiKTeX 2.9
    [2010/09/13 10:02:48 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2012/05/16 18:09:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2012/05/16 15:15:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
    [2012/05/16 16:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2009/11/17 12:43:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
    [2009/11/17 13:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
    [2009/11/17 12:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2010/02/09 21:13:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
    [2012/03/05 11:09:29 | 000,000,000 | ---D | M] -- C:\Program Files\National Instruments
    [2009/11/17 13:16:32 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2009/11/17 12:55:13 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
    [2010/09/27 17:26:09 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
    [2009/11/17 13:16:44 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
    [2009/11/17 12:55:14 | 000,000,000 | ---D | M] -- C:\Program Files\Oracle
    [2010/12/17 04:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2010/09/27 18:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\PDFCreator
    [2010/03/30 23:11:49 | 000,000,000 | ---D | M] -- C:\Program Files\pdfsam
    [2009/11/17 12:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
    [2010/09/13 09:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\Real
    [2009/11/17 12:34:00 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2009/11/17 14:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Manager 11
    [2009/11/17 13:17:54 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2010/05/25 17:01:38 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
    [2010/10/15 13:37:55 | 000,000,000 | ---D | M] -- C:\Program Files\slitherlink
    [2010/11/18 15:15:01 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
    [2009/11/17 12:24:30 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
    [2009/11/17 13:46:53 | 000,000,000 | ---D | M] -- C:\Program Files\UnxUtils
    [2012/05/02 23:06:00 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
    [2010/02/06 23:32:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
    [2010/01/22 12:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Imaging
    [2009/11/17 12:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
    [2009/11/17 12:49:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2010/02/09 21:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
    [2009/11/17 13:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2009/11/17 13:16:46 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
    [2009/11/17 12:52:45 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
    [2009/11/17 13:17:48 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
    [2009/11/17 13:45:09 | 000,000,000 | ---D | M] -- C:\Program Files\Zero G Registry

    < %appdata%\*.* >

    < MD5 for: AFD.SYS >
    [2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINNT\system32\dllcache\afd.sys
    [2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINNT\system32\drivers\afd.sys
    [2008/04/14 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINNT\$NtUninstallKB956803$\afd.sys
    [2011/02/16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINNT\$NtUninstallKB2592799$\afd.sys
    [2008/10/16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINNT\$hf_mig$\KB2509553\SP3QFE\afd.sys
    [2008/08/14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINNT\$hf_mig$\KB956803\SP3QFE\afd.sys
    [2008/10/16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINNT\$NtUninstallKB2503665$\afd.sys
    [2008/08/14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINNT\$NtUninstallKB2509553$\afd.sys
    [2011/02/16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINNT\$hf_mig$\KB2503665\SP3QFE\afd.sys
    [2011/08/17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINNT\$hf_mig$\KB2592799\SP3QFE\afd.sys

    < MD5 for: ATAPI.SYS >
    [2008/04/14 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\erdnt\cache\atapi.sys
    [2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2008/04/14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINNT\erdnt\cache\cryptsvc.dll
    [2008/04/14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINNT\system32\cryptsvc.dll
    [2008/04/14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINNT\system32\dllcache\cryptsvc.dll

    < MD5 for: DNSRSLVR.DLL >
    [2008/04/14 13:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINNT\$NtUninstallKB2509553$\dnsrslvr.dll
    [2009/04/20 18:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINNT\system32\dllcache\dnsrslvr.dll
    [2009/04/20 18:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINNT\system32\dnsrslvr.dll
    [2009/04/20 18:06:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=D977659AE4D8ECE5286D99D1ED34614D -- C:\WINNT\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2008/04/14 13:00:00 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINNT\$NtUninstallKB950974$\es.dll
    [2008/07/07 21:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINNT\erdnt\cache\es.dll
    [2008/07/07 21:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINNT\system32\dllcache\es.dll
    [2008/07/07 21:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINNT\system32\es.dll
    [2008/07/07 21:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINNT\$hf_mig$\KB950974\SP3QFE\es.dll
    [2012/09/25 10:41:57 | 000,008,728 | ---- | M] () MD5=FABB2C5368FC626FB1D2A214028DF8EF -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\Locales\es.dll

    < MD5 for: EXPLORER.EXE >
    [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\erdnt\cache\explorer.exe
    [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\explorer.exe
    [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\system32\dllcache\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2008/04/14 13:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINNT\system32\dllcache\ipnathlp.dll
    [2008/04/14 13:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINNT\system32\ipnathlp.dll

    < MD5 for: IPSEC.SYS >
    [2008/04/14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINNT\erdnt\cache\ipsec.sys
    [2008/04/14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINNT\system32\dllcache\ipsec.sys
    [2008/04/14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINNT\system32\drivers\ipsec.sys

    < MD5 for: NETBT.SYS >
    [2008/04/14 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINNT\system32\dllcache\netbt.sys
    [2008/04/14 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINNT\system32\drivers\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2008/04/14 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINNT\erdnt\cache\netman.dll
    [2008/04/14 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINNT\system32\dllcache\netman.dll
    [2008/04/14 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINNT\system32\netman.dll

    < MD5 for: QMGR.DLL >
    [2008/04/14 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINNT\erdnt\cache\qmgr.dll
    [2008/04/14 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINNT\system32\dllcache\qmgr.dll
    [2008/04/14 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINNT\system32\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2008/04/14 13:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINNT\$NtUninstallKB956572$\rpcss.dll
    [2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINNT\erdnt\cache\rpcss.dll
    [2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINNT\system32\dllcache\rpcss.dll
    [2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINNT\system32\rpcss.dll
    [2009/02/09 11:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINNT\$hf_mig$\KB956572\SP3QFE\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\$hf_mig$\KB956572\SP3QFE\services.exe
    [2008/04/14 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINNT\$NtUninstallKB956572$\services.exe
    [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINNT\erdnt\cache\services.exe
    [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINNT\system32\dllcache\services.exe
    [2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINNT\system32\services.exe

    < MD5 for: SR.SYS >
    [2008/04/14 13:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINNT\system32\dllcache\sr.sys
    [2008/04/14 13:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINNT\system32\drivers\sr.sys

    < MD5 for: SRSVC.DLL >
    [2008/04/14 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINNT\erdnt\cache\srsvc.dll
    [2008/04/14 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINNT\system32\dllcache\srsvc.dll
    [2008/04/14 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINNT\system32\srsvc.dll

    < MD5 for: SVCHOST.EXE >
    [2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\erdnt\cache\svchost.exe
    [2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\dllcache\svchost.exe
    [2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\svchost.exe
    [2012/08/15 08:48:46 | 000,218,184 | ---- | M] () MD5=B6381489F9C8612AFFD4A2765ABD341C -- C:\Documents and Settings\hmc05\Desktop\Chameleon\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2008/04/14 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINNT\$NtUninstallKB2509553$\tcpip.sys
    [2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\erdnt\cache\tcpip.sys
    [2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\system32\dllcache\tcpip.sys
    [2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\system32\drivers\tcpip.sys
    [2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINNT\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

    < MD5 for: USERINIT.EXE >
    [2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\erdnt\cache\userinit.exe
    [2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\dllcache\userinit.exe
    [2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2008/04/14 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINNT\system32\dllcache\volsnap.sys
    [2008/04/14 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINNT\system32\drivers\volsnap.sys

    < MD5 for: WINLOGON.EXE >
    [2012/08/15 08:48:46 | 000,218,184 | ---- | M] () MD5=B6381489F9C8612AFFD4A2765ABD341C -- C:\Documents and Settings\hmc05\Desktop\Chameleon\winlogon.exe
    [2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\erdnt\cache\winlogon.exe
    [2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\dllcache\winlogon.exe
    [2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\winlogon.exe

    < MD5 for: WMISVC.DLL >
    [2008/04/14 13:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINNT\system32\dllcache\wmisvc.dll
    [2008/04/14 13:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINNT\system32\wbem\wmisvc.dll

    < MD5 for: WSCSVC.DLL >
    [2008/04/14 13:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINNT\system32\dllcache\wscsvc.dll
    [2008/04/14 13:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINNT\system32\wscsvc.dll

    < MD5 for: WUAUSERV.DLL >
    [2008/04/14 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINNT\system32\dllcache\wuauserv.dll
    [2008/04/14 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINNT\system32\wuauserv.dll

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\WINNT\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINNT\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
    [C:\WINNT\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINNT\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
    [C:\WINNT\assembly\GAC_MSIL\WcfSvcHost\9.0.0.0__31bf3856ad364e35] -> C:\WINNT\WinSxS\MSIL_WcfSvcHost_31bf3856ad364e35_9.0.0.0_x-ww_e0abf5ea -> Junction
    < End of report >
  23. weety

    weety Newcomer, in training Topic Starter Posts: 60

    OTL Extras logfile created on: 07/10/2012 20:55:05 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\hmc05\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.95 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 72.37% Memory free
    4.79 Gb Paging File | 4.13 Gb Available in Paging File | 86.24% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 187.06 Gb Free Space | 80.33% Space Free | Partition Type: NTFS
    Drive H: | 8.00 Gb Total Space | 6.94 Gb Free Space | 86.69% Space Free | Partition Type: NTFS
    Drive L: | 390.63 Mb Total Space | 195.66 Mb Free Space | 50.09% Space Free | Partition Type: NTFS
    Drive V: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
    Drive W: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
    Drive Y: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
    Drive Z: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS

    Computer Name: EE-HMC05 | User Name: hmc05 | NOT logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML.MX6UJC6M3T2W7R4LKSBRCBMU3E] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htafile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 1
    "AllAlertsDisabled" = 1
    "TermService" = 1
    "DisableMonitoring" = 1
    "FirewallDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "\\icfs16.cc.ic.ac.uk\hmc05\IExplorer\AppData\Dropbox\bin\Dropbox.exe" = \\icfs16.cc.ic.ac.uk\hmc05\IExplorer\AppData\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
    "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
    "{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
    "{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
    "{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}" = Microsoft Office PowerPoint 2007 Get Started Tab
    "{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
    "{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL
    "{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71ADC302-F323-45A7-AFA4-C55D7B861D30}" = Scientific WorkPlace 5.5
    "{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
    "{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
    "{86924253-1BCC-4BF5-B995-33C1DB7EECAE}" = 32 Bit HP CIO Components Installer
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B78A1C2-8916-4351-AE81-6423C346A452}" = Symantec Enterprise Vault HTTP-only Outlook Add-In
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{D10F01FE-B62F-46CA-B657-FBA639601DFD}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A7-0409-0000-0000000FF1CE}" = Calendar Printing Assistant for Microsoft Office Outlook 2007
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{94F8151E-1946-4D81-9FBF-E167DF25954A}" = NI LabVIEW Run-Time Engine 8.0
    "{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV
    "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
    "{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
    "{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
    "{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
    "{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    "{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
    "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
    "{BA2CD2E5-FBAF-4F58-8CF4-AE1E5E873A07}" = LearningGuide Assistant
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}" = Reference Manager 11
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
    "{CAFECAFE-0013-0001-0123-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.23
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
    "{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
    "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
    "{E1AFA334-BAD3-4EFE-B8B0-B28AA9C3F21E}" = NI Uninstaller
    "{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{F1F8CE7F-1D24-416F-BFA1-F7DD39D8A000}" = Auto-sleep
    "{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
    "{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Autodesk Design Review 2010" = Autodesk Design Review 2010
    "DjVu Solo 3.1" = DjVu Solo 3.1
    "DjVuLibre+DjView" = DjVuLibre+DjView
    "DWG TrueView 2008" = DWG TrueView 2008
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "GPL Ghostscript 9.05" = GPL Ghostscript
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
    "JabRef 2.6" = JabRef 2.6
    "latex2eps_is1" = latex2eps 0.11
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Macromedia Authorware Web Player" = Macromedia Authorware Web Player
    "Maple 13" = Maple 13
    "Matlab R2012a" = MATLAB R2012a
    "MatlabR2008a" = MATLAB R2008a
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "MiKTeX" = MiKTeX
    "MiKTeX 2.9" = MiKTeX 2.9
    "Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
    "Mozilla Thunderbird 12.0.1 (x86 en-GB)" = Mozilla Thunderbird 12.0.1 (x86 en-GB)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NI Uninstaller" = National Instruments Software
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
    "RDC" = RDC
    "RealPlayer 6.0" = RealPlayer Enterprise
    "slitherlink_is1" = slitherlink version 1.0
    "TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 6.21 (Fawkes)
    "TreeSize" = TreeSize
    "uTorrent" = µTorrent
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinGimp-2.0_is1" = The GIMP 2.2.8
    "WinGTK-2_is1" = GTK+ 2.6.8-1 runtime environment
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "pdfsam" = pdfsam

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 04/10/2012 20:59:33 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711753
    Description = TruScan has generated an error: code 9: description: Heuristic Scan
    or Load Failure

    Error - 05/10/2012 01:34:49 | Computer Name = EE-HMC05 | Source = Windows Search Service | ID = 3079
    Description = Notifications for the volume c:\ are not active. Context: Windows
    Application Details: Insufficient system resources exist to complete the requested
    service. (0x800705aa)

    Error - 05/10/2012 01:49:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
    Description = Symantec Endpoint Protection has determined that the virus definitions
    are missing on this computer. This computer will remain unprotected from viruses
    until virus definitions are downloaded to this computer.Application has encountered
    an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

    Error - 05/10/2012 01:52:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
    Description = Symantec Endpoint Protection has determined that the virus definitions
    are missing on this computer. This computer will remain unprotected from viruses
    until virus definitions are downloaded to this computer.Application has encountered
    an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

    Error - 05/10/2012 01:55:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
    Description = Symantec Endpoint Protection has determined that the virus definitions
    are missing on this computer. This computer will remain unprotected from viruses
    until virus definitions are downloaded to this computer.Application has encountered
    an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

    Error - 05/10/2012 01:58:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
    Description = Symantec Endpoint Protection has determined that the virus definitions
    are missing on this computer. This computer will remain unprotected from viruses
    until virus definitions are downloaded to this computer.Application has encountered
    an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

    Error - 05/10/2012 02:04:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
    Description = Symantec Endpoint Protection has determined that the virus definitions
    are missing on this computer. This computer will remain unprotected from viruses
    until virus definitions are downloaded to this computer.Application has encountered
    an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

    Error - 05/10/2012 02:07:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
    Description = Symantec Endpoint Protection has determined that the virus definitions
    are missing on this computer. This computer will remain unprotected from viruses
    until virus definitions are downloaded to this computer.Application has encountered
    an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

    Error - 05/10/2012 03:13:04 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
    Description = Symantec Endpoint Protection has determined that the virus definitions
    are missing on this computer. This computer will remain unprotected from viruses
    until virus definitions are downloaded to this computer.Application has encountered
    an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

    Error - 05/10/2012 03:16:05 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
    Description = Symantec Endpoint Protection has determined that the virus definitions
    are missing on this computer. This computer will remain unprotected from viruses
    until virus definitions are downloaded to this computer.Application has encountered
    an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

    [ OSession Events ]
    Error - 05/03/2012 06:12:06 | Computer Name = EE-HMC05 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1784915
    seconds with 3420 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 05/10/2012 01:22:14 | Computer Name = EE-HMC05 | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 05/10/2012 01:34:14 | Computer Name = EE-HMC05 | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 05/10/2012 01:41:52 | Computer Name = EE-HMC05 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {7E477741-01A6-4C06-9DAC-55F6174C08A3}.
    The
    error: "%1450" Happened while starting this command: "C:\Program Files\Symantec\Symantec
    Endpoint Protection\SescLU.exe" -Embedding

    Error - 05/10/2012 01:46:14 | Computer Name = EE-HMC05 | Source = Srv | ID = 2019
    Description = The server was unable to allocate from the system nonpaged pool because
    the pool was empty.

    Error - 05/10/2012 01:49:02 | Computer Name = EE-HMC05 | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\Common Files\Symantec
    Shared\DefUtDCD.dll. Reference error message: The operation completed successfully.
    .

    Error - 05/10/2012 01:49:02 | Computer Name = EE-HMC05 | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\Common Files\Symantec
    Shared\DefUtDCD.dll. Reference error message: The operation completed successfully.
    .

    Error - 05/10/2012 01:49:02 | Computer Name = EE-HMC05 | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\Common Files\Symantec
    Shared\DefUtDCD.dll. Reference error message: The operation completed successfully.
    .

    Error - 05/10/2012 01:49:03 | Computer Name = EE-HMC05 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {7E477741-01A6-4C06-9DAC-55F6174C08A3}.
    The
    error: "%1450" Happened while starting this command: "C:\Program Files\Symantec\Symantec
    Endpoint Protection\SescLU.exe" -Embedding

    Error - 05/10/2012 01:52:03 | Computer Name = EE-HMC05 | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\Program Files\Common Files\Symantec
    Shared\DefUtDCD.dll. Reference error message: The operation completed successfully.
    .

    Error - 05/10/2012 01:52:03 | Computer Name = EE-HMC05 | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {7E477741-01A6-4C06-9DAC-55F6174C08A3}.
    The
    error: "%1450" Happened while starting this command: "C:\Program Files\Symantec\Symantec
    Endpoint Protection\SescLU.exe" -Embedding


    < End of report >
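The event-log section of the report above repeats a few errors many times, which hides how few distinct conditions are involved. As an added example (not part of the original thread and not a feature of the scan tool), this script collapses such a section into source/ID groups with counts and first/last times; the day-first date format, the watch phrases and the flag labels are assumptions made for the example, and the sample is an abbreviated excerpt of the posted log.

```python
import re
from datetime import datetime

# Abbreviated excerpt of the event-log section posted above (descriptions shortened).
SAMPLE = """\
[ Application Events ]
Error - 05/10/2012 01:49:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec Endpoint Protection has determined that the virus definitions
are missing on this computer.

Error - 05/10/2012 01:52:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec Endpoint Protection has determined that the virus definitions
are missing on this computer.

[ System Events ]
Error - 05/10/2012 01:22:14 | Computer Name = EE-HMC05 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 05/10/2012 01:41:52 | Computer Name = EE-HMC05 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {7E477741-01A6-4C06-9DAC-55F6174C08A3}.

< End of report >
"""

SECTION = re.compile(r"^\[ (.+?) \]$")
HEADER = re.compile(
    r"^\w+ - (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \| Computer Name = .*? \| "
    r"Source = (?P<source>.*?) \| ID = (?P<id>\d+)$")

# Assumption: phrases and labels chosen for this example from the log's own descriptions.
WATCH = {
    "virus definitions are missing": "antivirus-definitions-missing",
    "nonpaged pool": "nonpaged-pool-exhausted",
}

def parse_events(text):
    """Return one dict per event, joining wrapped description lines."""
    events, section, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        sec, hdr = SECTION.match(line), HEADER.match(line)
        if sec:
            section, cur = sec.group(1), None
        elif hdr:
            # Assumption: the report uses day-first dates (dd/mm/yyyy).
            cur = {"log": section, "source": hdr["source"], "id": int(hdr["id"]), "description": "",
                   "time": datetime.strptime(hdr["ts"], "%d/%m/%Y %H:%M:%S")}
            events.append(cur)
        elif line.startswith(("<", "=")):
            cur = None  # report trailer or section banner, not part of a description
        elif cur is not None and line:
            part = line[len("Description = "):] if line.startswith("Description = ") else line
            cur["description"] = (cur["description"] + " " + part).strip()
    return events

def summarize(events):
    """Collapse repeats into (log, source, id) groups with counts and flags."""
    groups = {}
    for ev in events:
        g = groups.setdefault((ev["log"], ev["source"], ev["id"]), {
            "count": 0, "first": ev["time"], "last": ev["time"], "description": ev["description"]})
        g["count"] += 1
        g["first"], g["last"] = min(g["first"], ev["time"]), max(g["last"], ev["time"])
    for g in groups.values():
        low = g["description"].lower()
        g["flags"] = [label for phrase, label in WATCH.items() if phrase in low]
    return groups

if __name__ == "__main__":
    for key, g in summarize(parse_events(SAMPLE)).items():
        print(g["count"], key, g["first"], g["last"], g["flags"])
```
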
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good job! Scans appear good!

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    =======================================


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  25. weety

    weety Newcomer, in training Topic Starter Posts: 60

    ESET scan is running again now.

    The most obvious issues are the ones in my original post (which still remain now):
    * Cannot access various websites, including webmail (hotmail, gmail etc) and the store.malwarebytes.com pages. Some time ago even Google search results were blocked, but this seems to be ok now.
    * Cannot run Windows Update [Windows XP]. When I try to run it from the Start menu, Internet Explorer opens, but when I try to "allow" the update, a Security Warning pops up: "Windows has found a problem with this file. Name: wuweb_site.cab?1349722209886 Publisher: Unknown Publisher"
    * Malwarebytes installation fails with: ''Internal error: Failed to expand shell folder constant "userappdata"''

    In addition, the computer loads up and runs unusually slowly (but nothing seems to be hogging CPU in taskmgr).
    Also, I seemed to be finding that Adobe pdf reader was crashing after a few minutes' use.

