Inactive Websites redirected, can't run Windows Update, can't install Malwarebytes

weety

I cannot access E-mail via websites (such as hotmail.com, gmail.com, work E-mail). A number of other websites also seem to be blocked (e.g. store.malwarebytes.org). I get the message "This webpage is not available" [Google Chrome].

I managed to download the malwarebytes installer from cnet.com, but the installation fails with some not very useful error message. (I can't check it now because I tried to open Internet Explorer and now the system is hanging). Without Malwarebytes, I can't proceed with the recommended 5 steps for malware removal.

When I try to run Windows Update [Windows XP], I first get a message that the default search provider has been tinkered with. Then, when I try to "allow" the update in Internet Explorer, an error pops up and the update cannot proceed.

Please help!
 
Symantec Endpoint (and no other antivirus) is installed, but doesn't seem to respond to any type of clicking.
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

ComboFix

Please download ComboFix by sUBs from BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Thanks for taking time to help me.

I am unable to disable Symantec Endpoint Protection, but will proceed anyway.

I know I'm not supposed to mess around with these things, but I tried running ComboFix previously (renamed as svchost.exe) and it took a little over 10 hours to complete. However, I know I'm supposed to do precisely what I'm told, so I'll run it again now and post the new log tomorrow.
 
ComboFix 12-10-03.03 - hmc05 03/10/2012 19:02:50.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3017.2408 [GMT 1:00]
Running from: c:\documents and settings\hmc05\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2012-09-25 19:50 . 2012-09-25 19:50 -------- d-----w- c:\program files\pdfforge Toolbar
2012-09-25 19:50 . 2012-09-25 19:50 -------- d-----w- c:\program files\Common Files\Spigot
2012-09-25 19:50 . 2012-09-25 19:50 -------- d-----w- c:\program files\Application Updater
2012-09-25 08:06 . 2012-09-25 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-09-25 08:06 . 2012-09-25 08:06 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\MFAData
2012-09-25 08:06 . 2012-09-25 08:06 -------- d-----w- c:\documents and settings\hmc05\Local Settings\Application Data\Avg2013
2012-09-25 08:06 . 2012-09-25 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2012-09-24 11:12 . 2012-09-24 11:12 -------- d-----w- c:\winnt\ms
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 11:18 . 2012-04-27 14:50 696520 ----a-w- c:\winnt\system32\FlashPlayerApp.exe
2012-09-24 11:18 . 2011-06-09 07:30 73416 ----a-w- c:\winnt\system32\FlashPlayerCPLApp.cpl
2012-08-28 15:14 . 1980-01-01 00:00 916992 ----a-w- c:\winnt\system32\wininet.dll
2012-08-28 15:14 . 1980-01-01 00:00 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2012-08-28 15:14 . 1980-01-01 00:00 1469440 ------w- c:\winnt\system32\inetcpl.cpl
2012-08-28 12:07 . 1980-01-01 00:00 385024 ----a-w- c:\winnt\system32\html.iec
2012-07-06 13:58 . 1980-01-01 00:00 78336 ----a-w- c:\winnt\system32\browser.dll
2005-10-12 15:04 . 2005-10-12 15:04 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2012-04-21 01:18 . 2012-05-16 17:09 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\winnt\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"IgfxTray"="c:\winnt\system32\igfxtray.exe" [2008-10-16 150040]
"HotKeysCmds"="c:\winnt\system32\hkcmd.exe" [2008-10-16 178712]
"Persistence"="c:\winnt\system32\igfxpers.exe" [2008-10-16 150040]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-08 1044480]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-17 180224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-18 115560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-10-02 0]
.
c:\documents and settings\hmc05\Start Menu\Programs\Startup\
Dropbox.lnk - \\icfs16.cc.ic.ac.uk\hmc05\IExplorer\AppData\Dropbox\bin\Dropbox.exe [N/A]
ICTprintservice.lnk - \\ICADS11\netlogon\clusters\common\ICTprintservice.cmd [2007-12-19 6839]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Auto-sleep.lnk - c:\winnt\Installer\{F1F8CE7F-1D24-416F-BFA1-F7DD39D8A000}\mainicon.ico [2011-11-9 15086]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceRunOnStartMenu"= 1 (0x1)
"RestrictWelcomeCenter"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-166766\Scripts\Logoff\0\0]
"Script"=userlog_logoff_3.04.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-166766\Scripts\Logon\0\0]
"Script"=%logonserver%\netlogon\user4-GPO.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\winnt\system32\drivers\sfaudio.sys [01/01/1980 01:00 24064]
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [18/12/2009 00:14 691696]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19/09/2012 16:21 795072]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\winnt\system32\drivers\e1k5132.sys [01/01/1980 01:00 144480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/09/2012 09:28 106656]
R3 IFXTPM;IFXTPM;c:\winnt\system32\drivers\ifxtpm.sys [01/01/1980 01:00 36352]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27/04/2012 15:50 250568]
S3 COH_Mon;COH_Mon;c:\winnt\system32\drivers\COH_Mon.sys [03/07/2009 11:52 23888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-03 c:\winnt\Tasks\Adobe Flash Player Updater.job
- c:\winnt\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 11:18]
.
2012-10-03 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766Core.job
- c:\documents and settings\hmc05\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 10:43]
.
2012-10-03 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766UA.job
- c:\documents and settings\hmc05\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-10-02 10:43]
.
2012-10-03 c:\winnt\Tasks\MATLAB R2012a Startup Accelerator.job
- c:\program files\MATLAB\R2012a\bin\win32\MATLABStartupAccelerator.exe [2012-03-22 03:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ic.ac.uk
Trusted Zone: icfs16.cc.ic.ac.uk
TCP: DhcpNameServer = 155.198.142.7 155.198.142.8
DPF: {64A6114F-2976-4634-BE36-134BF84D369C} - hxxps://www3.imperial.ac.uk/eWebEditPro/ewebeditpro4.cab
DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AD} - ftp://ftp.ni.com/pub/devzone/tut/cnx_lv8_runtime.exe
DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF}
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-04 06:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-243037206-41955558-561332275-166766\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINNT\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-10-04 06:10:11
ComboFix-quarantined-files.txt 2012-10-04 05:10
ComboFix2.txt 2012-10-03 03:36
ComboFix3.txt 2012-10-01 20:31
ComboFix4.txt 2012-09-25 19:43
ComboFix5.txt 2012-10-03 17:47
.
Pre-Run: 201,029,742,592 bytes free
Post-Run: 201,042,485,248 bytes free
.
- - End Of File - - C3C90714FC9999060524D403F0CC1A8E
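As an added triage helper (not from the thread, ComboFix or TechSpot), the script below parses the "Reg Loading Points" section format ComboFix prints (key headers in brackets, then "Name"="path" [date size] lines) and flags the two things a reviewer would pull out of the log above: the SearchSettings Run entry whose file is 0 bytes and dated inside the scan window, and the Security Center monitoring values set to 1. The sample input is an abridged excerpt of the posted log; the window dates are taken from the log's own "Files Created" header.

```python
import re
from dataclasses import dataclass
from datetime import date

# Constructed sample: abridged lines copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-11-18 115560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-10-02 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# Window from the log's own "Files Created from 2012-09-04 to 2012-10-04" header.
SAMPLE_WINDOW = (date(2012, 9, 4), date(2012, 10, 4))

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Security Center values that, when set to 1, silence XP's security status checks.
SECURITY_CENTER_WATCH = {"AllAlertsDisabled", "DisableMonitoring"}


@dataclass
class RunEntry:
    key: str        # registry key the value lives under
    name: str       # value name, e.g. "SearchSettings"
    path: str       # executable path ComboFix resolved
    modified: date  # file timestamp ComboFix printed
    size: int       # file size in bytes (0 means empty or missing at scan time)


def parse_run_entries(log_text: str) -> list[RunEntry]:
    """Collect "Name"="path" [date size] lines, remembering the key they sit under."""
    entries, current_key = [], ""
    for line in log_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current_key = m.group(1)
            continue
        if m := RUN_RE.match(line):
            name, path, stamp, size = m.groups()
            entries.append(RunEntry(current_key, name, path,
                                    date.fromisoformat(stamp), int(size)))
    return entries


def triage_run_entries(entries, window_start: date, window_end: date) -> dict[str, list[str]]:
    """Return {value name: [reasons]} for autostart entries worth a second look."""
    findings: dict[str, list[str]] = {}
    for e in entries:
        reasons = []
        if e.size == 0:
            reasons.append("file is 0 bytes: missing or emptied at scan time")
        if window_start <= e.modified <= window_end:
            reasons.append(f"file dated {e.modified} inside the recent-changes window")
        if reasons:
            findings.setdefault(e.name, []).extend(reasons)
    return findings


def security_center_findings(log_text: str) -> list[tuple[str, str]]:
    """Return (key, value name) pairs where a Security Center monitoring switch is 1."""
    hits, current_key = [], ""
    for line in log_text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current_key = m.group(1)
            continue
        m = DWORD_RE.match(line)
        if m and "security center" in current_key.lower():
            name, value = m.group(1), int(m.group(2), 16)
            if name in SECURITY_CENTER_WATCH and value == 1:
                hits.append((current_key, name))
    return hits


if __name__ == "__main__":
    entries = parse_run_entries(SAMPLE_LOG)
    for name, reasons in triage_run_entries(entries, *SAMPLE_WINDOW).items():
        for reason in reasons:
            print(f"[RUN] {name}: {reason}")
    for key, name in security_center_findings(SAMPLE_LOG):
        print(f"[SECURITY CENTER] {name}=1 under {key}")
```

On the excerpt this reports only SearchSettings (both reasons) and the three Security Center switches, matching what AdwCleaner later removes and what the Symantec client in the thread was failing to report.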
 
Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
 
TDSSKiller found 254 "suspicious objects". All skipped.

Log is far too long to post. (Please find attached).
 

Attachments

  • TDSSKiller.2.8.10.0_04.10.2012_16.29.24_log.txt (219.4 KB)
The instructions don't specify if I should do a "QuickScan" or select a specific disk drive. I went for C:\, as it sounded more thorough. Please let me know if a QuickScan is sufficient.
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 12:51:02
-----------------------------
12:51:02.472 OS Version: Windows 5.1.2600 Service Pack 3
12:51:02.472 Number of processors: 2 586 0x170A
12:51:02.472 ComputerName: EE-HMC05 UserName: hmc05
12:51:03.577 Initialize success
12:51:53.369 AVAST engine defs: 12100501
12:53:05.397 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16
12:53:05.413 Disk 0 Vendor: WDC_WD2500AAJS-60M0A0 02.03E02 Size: 238475MB BusType: 3
12:53:05.444 Disk 0 MBR read successfully
12:53:05.444 Disk 0 MBR scan
12:53:05.569 Disk 0 Windows XP default MBR code
12:53:05.584 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
12:53:05.600 Disk 0 scanning sectors +488376000
12:53:05.662 Disk 0 scanning C:\WINNT\system32\drivers
12:53:15.290 Service scanning
12:53:30.924 Service sptd C:\WINNT\System32\Drivers\sptd.sys **LOCKED** 32
12:53:35.215 Modules scanning
12:53:37.384 Module: C:\WINNT\System32\Drivers\atapi.sys **SUSPICIOUS**
12:53:37.727 Module: C:\WINNT\System32\Drivers\iaStor.sys **SUSPICIOUS**
12:53:40.910 Module: C:\WINNT\system32\ntdll.dll **SUSPICIOUS**
12:53:40.910 Disk 0 trace - called modules:
12:53:40.926 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spua.sys >>UNKNOWN [0x8a49f938]<<
12:53:40.926 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a441ab8]
12:53:40.942 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000075[0x8a4f5250]
12:53:40.942 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-16[0x8a402d98]
12:53:41.566 AVAST engine scan C:\WINNT
12:54:00.368 AVAST engine scan C:\WINNT\system32
12:58:09.750 AVAST engine scan C:\WINNT\system32\drivers
12:58:31.770 AVAST engine scan C:\Documents and Settings\hmc05
13:02:53.640 AVAST engine scan C:\Documents and Settings\All Users
13:07:37.690 Scan finished successfully
13:27:14.251 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\hmc05\Desktop\MBR.dat"
13:27:14.251 The log file has been saved successfully to "C:\Documents and Settings\hmc05\Desktop\aswMBRnew.txt"
 

Attachments

  • MBR.txt (512 bytes)
(That is the log from a QuickScan... the full scan ran overnight and when I came back, I had dozens of error messages popping up about delayed write fails. I tried to save the log, but everything just crashed and I had to reboot).
 
Excellent work!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.
 
Thanks for your ongoing help. Looks like the scan will take a while... but I've got a good feeling about this one! 14 threats found so far ("a variant of Win32/Toolbar.Widgi application").

Log file to follow (probably tomorrow) ..........
 
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.16	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.17	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\pdfforge Toolbar\IE\6.3\pdFForgetoolbarie.dll.vir	a variant of Win32/Toolbar.Widgi application	cleaned by deleting - quarantined
 
Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

    DRIVES
    SHOWHIDDEN
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    CreateRestorePoint
    %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
    %AppData%\Local\
    %systemroot%\system32\sysprep
    *.xpi /md5
    %systemroot%\Downloaded Program Files\
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.exe /md5
    "%WinDir%\$NtUninstallKB*$." /30
    %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\Installer\ /s
    %systemroot%\system32\Cache\ /s
    %systemroot%\system32\config\systemprofile\Application Data /s
    %PROGRAMFILES%\*.
    %appdata%\*.*
    /md5start
    volsnap.sys
    services.exe
    userinit.exe
    afd.sys
    tcpip.sys
    netbt.sys
    ipsec.sys
    dnsrslvr.dll
    ipnathlp.dll
    netman.dll
    WMIsvc.dll
    srsvc.dll
    sr.sys
    wscsvc.dll
    wuauserv.dll
    qmgr.dll
    es.dll
    cryptsvc.dll
    svchost.exe
    rpcss.dll
    tdx.sys
    wininit.exe
    winlogon.exe
    atapi.sys
    explorer.exe
    /md5stop
  • Click the Run Scan button. The scan will not take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
 
# AdwCleaner v2.004 - Logfile created 10/07/2012 at 20:43:43
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : hmc05 - EE-HMC05
# Boot Mode : Normal
# Running from : C:\Documents and Settings\hmc05\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\pdfforge Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C2F6A415-2A69-48F1-8F91-B9381B33FF1A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F6A415-2A69-48F1-8F91-B9381B33FF1A}
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (en-GB)

-\\ Google Chrome v22.0.1229.79

File : C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1948 octets] - [07/10/2012 20:43:43]

########## EOF - H:\AdwCleaner[S1].txt - [2008 octets] ##########
 
OTL logfile created on: 07/10/2012 20:55:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\hmc05\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.95 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 72.37% Memory free
4.79 Gb Paging File | 4.13 Gb Available in Paging File | 86.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 187.06 Gb Free Space | 80.33% Space Free | Partition Type: NTFS
Drive H: | 8.00 Gb Total Space | 6.94 Gb Free Space | 86.69% Space Free | Partition Type: NTFS
Drive L: | 390.63 Mb Total Space | 195.66 Mb Free Space | 50.09% Space Free | Partition Type: NTFS
Drive V: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
Drive W: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
Drive Y: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
Drive Z: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS

Computer Name: EE-HMC05 | User Name: hmc05 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/07 20:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
PRC - [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/10/28 14:15:14 | 000,062,976 | ---- | M] (Imperial College London) -- C:\Program Files\Imperial College London\Auto-sleep\auto-sleep.exe
PRC - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/11/18 15:11:19 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/11/18 15:11:18 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/11/18 15:11:07 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/11/17 12:55:13 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\CCM\CcmExec.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/25 10:42:58 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 10:42:57 | 012,278,808 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 10:42:55 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 10:41:27 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 10:41:26 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 10:41:24 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2009/12/21 02:42:16 | 000,176,235 | ---- | M] () -- C:\WINNT\system32\Primomonnt.dll
MOD - [2008/04/14 13:00:00 | 000,059,904 | ---- | M] () -- C:\WINNT\system32\devenum.dll
MOD - [2008/04/14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINNT\system32\msdmo.dll
MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINNT\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/09/24 12:18:19 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/11/18 15:11:40 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/11/18 15:11:18 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/11/18 15:11:10 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/11/18 15:11:07 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/11/17 12:55:13 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2009/09/18 05:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 05:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\hmc05\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/09/17 09:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120924.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/17 09:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120924.035\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/15 14:26:06 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/15 14:26:06 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/18 15:14:59 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/11/18 15:11:43 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/11/18 15:11:43 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/11/18 15:11:42 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINNT\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/11/18 15:10:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2010/11/18 15:10:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2010/11/18 15:10:26 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/12/18 00:14:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/09/18 05:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/03 11:52:32 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/10/20 21:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2008/07/19 11:40:48 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HECI.sys -- (HECI)
DRV - [2008/06/05 12:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2008/03/28 11:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2005/10/21 11:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/18 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\cvintdrv.sys -- (cvintdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5C6775AE-B17E-43EC-951F-1735ED9382DB}: "URL" = http://search.live.com/ie.aspx?q={searchTerms}
IE - HKLM\..\SearchScopes\{5CEB5537-BEEB-4BC2-A428-B524DC584A5A}: "URL" = http://search.imperial.ac.uk/icsear...h=20&cs=iso-8859-1&sc=imperial&sm=0&ha=0&mt=1
IE - HKLM\..\SearchScopes\{6D91FEDC-F816-4F15-B929-B6B57184D2F8}: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{2ED652B6-A935-4ECF-95F9-E62AC8AAFD4F}: "URL" = http://search.live.com/ie.aspx?q={searchTerms}
IE - HKCU\..\SearchScopes\{5A81F079-14F5-4766-A656-C6889E04A9E0}: "URL" = http://www.google.com/search?sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&q={searchTerms}
IE - HKCU\..\SearchScopes\{850361F7-476B-44B8-AB49-9C7F85564DBD}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{F66A58C6-CA60-4AB4-885F-0196F9274FF5}: "URL" = http://search.imperial.ac.uk/icsear...h=20&cs=iso-8859-1&sc=imperial&sm=0&ha=0&mt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2981: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3039: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1798: C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/16 18:09:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/02 11:35:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/05/16 15:15:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7.3\Extensions\\Components: C:\Program Files\mozilla.org\Mozilla\Components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla 1.7.3\Extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla\Plugins

[2012/05/16 18:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/22 13:39:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/09/20 00:00:08 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13123.dll
[2005/10/12 16:04:02 | 000,020,480 | ---- | M] (National Instruments) -- C:\Program Files\mozilla firefox\plugins\NPLV80Win32.dll
[2012/04/21 03:09:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/21 03:09:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:09:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/21 03:09:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/21 03:09:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/21 03:09:18 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINNT\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Oracle JInitiator (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPJinit13123.dll
CHR - plugin: National Instruments LabVIEW 8.0 Netscape Plug-in for Windows (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPLV80Win32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer Enterprise\Netscape6\nprjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINNT\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/02 11:59:55 | 000,000,019 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINNT\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto-sleep.lnk = C:\WINNT\Installer\{F1F8CE7F-1D24-416F-BFA1-F7DD39D8A000}\mainicon.ico ()
O4 - Startup: C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O4 - Startup: C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\ICTprintservice.lnk = \\ICADS2\netlogon\clusters\common\ICTprintservice.cmd ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceRunOnStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O15 - HKCU\..Trusted Domains: ic.ac.uk ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: ic.ac.uk ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: icfs16.cc.ic.ac.uk ([]file in Trusted sites)
O15 - HKCU\..Trusted Domains: imperial.ac.uk ([]* in Local intranet)
O16 - DPF: {64A6114F-2976-4634-BE36-134BF84D369C} https://www3.imperial.ac.uk/eWebEditPro/ewebeditpro4.cab (eWebEditProLibCtl4.eWebEditPro)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A40B0AD4-B50E-4E58-8A1D-8544233807AD} ftp://ftp.ni.com/pub/devzone/tut/cnx_lv8_runtime.exe (LabVIEWControl Class)
O16 - DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.23)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 155.198.142.7 155.198.142.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA44147E-D188-421D-83F4-E51BBDEDA4DC}: DhcpNameServer = 155.198.142.7 155.198.142.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer001\MathMLMimer.dll (Design Science, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\hmc05\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\hmc05\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINNT\system32\Rundll32.exe c:\WINNT\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{2A209567-6103-4EAD-BA75-96722C22500D} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINNT\system32\rundll32.exe" "C:\WINNT\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINNT\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/07 20:53:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
[2012/10/07 18:42:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/10/07 18:42:35 | 000,000,000 | -HSD | C] -- \RECYCLER
[2012/10/07 18:42:19 | 000,000,000 | -H-D | C] -- C:\WINNT\PIF
[2012/10/07 17:53:48 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- H:\SpyHunter-Installer.exe
[2012/10/07 17:32:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\dds.com
[2012/10/07 17:23:55 | 000,000,000 | ---D | C] -- C:\WINNT\Profiles
[2012/10/07 17:23:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Desktop\Chameleon
[2012/10/05 18:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/05 18:13:17 | 002,322,184 | ---- | C] (ESET) -- H:\esetsmartinstaller_enu.exe
[2012/10/04 06:10:12 | 000,000,000 | ---D | C] -- C:\WINNT\temp
[2012/10/02 16:42:54 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\hmc05\Desktop\rkill.exe
[2012/10/02 14:54:22 | 000,307,569 | ---- | C] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\ListParts.exe
[2012/10/02 14:52:03 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\hmc05\Desktop\aswMBR.exe
[2012/10/02 12:15:32 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\hmc05\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/02 12:09:04 | 016,868,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\hmc05\Desktop\Windows-KB890830-V4.12.exe
[2012/10/02 11:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Start Menu\Programs\Google Chrome
[2012/10/01 10:24:39 | 000,000,000 | ---D | C] -- C:\WINNT\Minidump
[2012/09/25 09:15:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Cookies
[2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Local Settings\Application Data\MFAData
[2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/25 09:06:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Avg2013
[2012/09/25 09:04:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2012/09/24 12:12:09 | 000,000,000 | ---D | C] -- C:\WINNT\ms
[2012/09/24 10:03:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/24 10:03:38 | 000,000,000 | RHSD | C] -- \cmdcons
[2012/09/24 10:02:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2012/09/24 10:02:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2012/09/24 10:02:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2012/09/24 10:02:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2012/09/24 10:00:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/24 10:00:54 | 000,000,000 | ---D | C] -- \Qoobox
[2012/09/24 10:00:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\hmc05\Start Menu\Programs\Administrative Tools
[2012/09/24 10:00:35 | 000,000,000 | ---D | C] -- C:\WINNT\erdnt
[2012/09/24 10:00:16 | 004,761,955 | R--- | C] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\ComboFix.exe
[2012/09/24 08:20:40 | 000,000,000 | ---D | C] -- H:\Windows Desktop Search
[2012/09/17 19:25:14 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.exe
[2012/09/13 02:42:49 | 000,000,000 | --SD | C] -- H:\My Shapes
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Visual Studio 2008
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Visual Studio 2005
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Thai
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Review of Resolution Performance
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\QPR 2
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\QPR 1
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Paper v3
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Paper
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\OneNote Notebooks
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Old Files
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\MY NOTES
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\My Digital Editions
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\Miscellaneous
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\MATLAB
[2012/09/13 02:42:49 | 000,000,000 | ---D | C] -- H:\maple
[2012/09/13 02:41:55 | 000,000,000 | ---D | C] -- H:\IExplorer
[2012/09/13 02:41:55 | 000,000,000 | ---D | C] -- H:\exchange
[2012/09/13 02:41:55 | 000,000,000 | ---D | C] -- H:\EMRS DTC Data
[2012/09/13 02:41:44 | 000,000,000 | ---D | C] -- H:\desktop
[2012/09/13 02:41:44 | 000,000,000 | ---D | C] -- H:\Correlation Study
[2012/09/13 02:41:44 | 000,000,000 | ---D | C] -- H:\Corel User Files
[2012/09/13 02:41:43 | 000,000,000 | ---D | C] -- H:\Audio Precision
[2012/09/13 02:41:43 | 000,000,000 | ---D | C] -- H:\3D Signal Subspace
[2012/09/13 02:41:41 | 000,000,000 | -HSD | C] -- H:\$RECYCLE.BIN
[2012/09/13 02:41:41 | 000,000,000 | ---D | C] -- H:\2ndYearReport_Backup27Feb2012
[2012/09/13 02:41:41 | 000,000,000 | ---D | C] -- H:\00 For Printing
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/07 20:53:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\hmc05\Desktop\OTL.exe
[2012/10/07 20:53:10 | 000,000,465 | ---- | M] () -- C:\WINNT\SMSCFG.ini
[2012/10/07 20:53:00 | 000,000,978 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766UA.job
[2012/10/07 20:51:42 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\hmc05\Start Menu\Programs\Startup\ICTprintservice.lnk
[2012/10/07 20:51:41 | 000,002,321 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto-sleep.lnk
[2012/10/07 20:51:28 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2012/10/07 20:51:22 | 000,000,546 | ---- | M] () -- C:\WINNT\tasks\MATLAB R2012a Startup Accelerator.job
[2012/10/07 20:50:38 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2012/10/07 20:50:36 | 3163,807,744 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/07 20:43:07 | 000,538,327 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\adwcleaner.exe
[2012/10/07 20:23:00 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
[2012/10/07 17:53:51 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- H:\SpyHunter-Installer.exe
[2012/10/07 17:32:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\dds.com
[2012/10/07 17:30:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\ptgkw35r.exe
[2012/10/07 17:20:38 | 001,440,846 | ---- | M] () -- H:\mbam-chameleon-1.62.1.1000.zip
[2012/10/07 16:53:00 | 000,000,926 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766Core.job
[2012/10/05 18:13:21 | 002,322,184 | ---- | M] (ESET) -- H:\esetsmartinstaller_enu.exe
[2012/10/04 16:41:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\hmc05\Desktop\aswMBR.exe
[2012/10/04 16:36:02 | 000,037,814 | ---- | M] () -- H:\MSO2057.acl
[2012/10/04 16:29:18 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.exe
[2012/10/03 18:29:36 | 004,761,955 | R--- | M] (Swearware) -- C:\Documents and Settings\hmc05\Desktop\ComboFix.exe
[2012/10/02 17:23:13 | 000,004,322 | RHS- | M] () -- C:\Documents and Settings\hmc05\ntuser.pol
[2012/10/02 16:42:55 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\hmc05\Desktop\rkill.exe
[2012/10/02 16:35:15 | 001,678,240 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\rkill.com
[2012/10/02 16:31:53 | 002,193,278 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller (1).zip
[2012/10/02 16:30:59 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.zip
[2012/10/02 14:54:23 | 000,307,569 | ---- | M] (Farbar) -- C:\Documents and Settings\hmc05\Desktop\ListParts.exe
[2012/10/02 12:15:32 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\hmc05\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/02 12:09:05 | 016,868,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\hmc05\Desktop\Windows-KB890830-V4.12.exe
[2012/10/02 11:59:55 | 000,000,019 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2012/10/02 11:44:12 | 000,002,312 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\Google Chrome.lnk
[2012/10/01 10:03:06 | 001,412,096 | ---- | M] () -- C:\Documents and Settings\hmc05\Desktop\RogueKiller.exe
[2012/09/24 12:18:19 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerApp.exe
[2012/09/24 12:18:18 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINNT\System32\FlashPlayerCPLApp.cpl
[2012/09/24 12:15:32 | 000,001,796 | ---- | M] () -- C:\WINNT\SMSAdvancedClient.sccm2007ac-sp2-kb977384-x86-enu.mif
[2012/09/24 12:15:18 | 000,514,678 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2012/09/24 12:15:18 | 000,098,160 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2012/09/24 12:15:18 | 000,004,764 | ---- | M] () -- C:\WINNT\System32\CcmFramework.ini
[2012/09/24 12:15:18 | 000,000,621 | ---- | M] () -- C:\WINNT\System32\CcmFramework.h
[2012/09/24 10:03:49 | 000,000,323 | RHS- | M] () -- C:\boot.ini
[2012/09/24 09:46:07 | 000,003,739 | ---- | M] () -- C:\WINNT\imsins.BAK
[2012/09/24 08:19:23 | 000,587,792 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[1 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/07 20:43:04 | 000,538,327 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\adwcleaner.exe
[2012/10/07 17:30:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\ptgkw35r.exe
[2012/10/07 17:19:18 | 001,440,846 | ---- | C] () -- H:\mbam-chameleon-1.62.1.1000.zip
[2012/10/04 16:36:02 | 000,037,814 | ---- | C] () -- H:\MSO2057.acl
[2012/10/02 16:35:13 | 001,678,240 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\rkill.com
[2012/10/02 16:31:53 | 002,193,278 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller (1).zip
[2012/10/02 16:30:58 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\tdsskiller.zip
[2012/10/02 11:46:39 | 001,412,096 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\RogueKiller.exe
[2012/10/02 11:44:12 | 000,002,312 | ---- | C] () -- C:\Documents and Settings\hmc05\Desktop\Google Chrome.lnk
[2012/10/02 11:43:54 | 000,000,978 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766UA.job
[2012/10/02 11:43:53 | 000,000,926 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-243037206-41955558-561332275-166766Core.job
[2012/09/25 09:15:23 | 3163,807,744 | -HS- | C] () -- C:\hiberfil.sys
[2012/09/25 09:15:23 | 3163,807,744 | -HS- | C] () -- \hiberfil.sys
[2012/09/24 12:15:18 | 000,004,764 | ---- | C] () -- C:\WINNT\System32\CcmFramework.ini
[2012/09/24 12:15:18 | 000,000,621 | ---- | C] () -- C:\WINNT\System32\CcmFramework.h
[2012/09/24 10:03:49 | 000,000,207 | ---- | C] () -- C:\Boot.bak
[2012/09/24 10:03:49 | 000,000,207 | ---- | C] () -- \Boot.bak
[2012/09/24 10:03:43 | 000,260,272 | R-S- | C] () -- C:\cmldr
[2012/09/24 10:03:43 | 000,260,272 | R-S- | C] () -- \cmldr
[2012/09/24 10:02:17 | 000,256,000 | ---- | C] () -- C:\WINNT\PEV.exe
[2012/09/24 10:02:17 | 000,208,896 | ---- | C] () -- C:\WINNT\MBR.exe
[2012/09/24 10:02:17 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2012/09/24 10:02:17 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2012/09/24 10:02:17 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2012/02/17 05:22:17 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\iacenc.dll
[2011/11/27 23:36:48 | 000,018,982 | ---- | C] () -- C:\Documents and Settings\hmc05\untitled0_MAS.bak
[2010/10/04 14:28:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\myinfo7
[2010/09/27 17:16:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\standby2
[2010/09/17 05:44:11 | 000,012,768 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/02/12 00:28:22 | 000,020,235 | ---- | C] () -- \history.temp
[2010/02/01 14:25:51 | 000,040,817 | ---- | C] () -- \DetRes_L_fix_2D_reverse.swf
[2009/12/18 00:25:00 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\hmc05\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/17 15:59:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\myinfo4
[2009/11/17 15:59:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\ictsd1
[2009/11/17 15:59:09 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\hmc05\webct_upload_applet.properties
[2009/11/17 15:59:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\hmc05\standby1
[2009/11/17 15:59:07 | 000,004,322 | RHS- | C] () -- C:\Documents and Settings\hmc05\ntuser.pol
[2009/11/17 13:19:28 | 000,052,119 | R-S- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/11/17 13:17:36 | 000,000,000 | R-S- | C] () -- \MSDOS.SYS
[2009/11/17 13:17:36 | 000,000,000 | R-S- | C] () -- \IO.SYS
[2009/11/17 12:54:44 | 000,000,512 | --S- | C] () -- \BOOTSECT.DOS
[1980/01/01 01:00:00 | 000,250,048 | RHS- | C] () -- \ntldr
[1980/01/01 01:00:00 | 000,047,564 | RHS- | C] () -- \NTDETECT.COM
[1980/01/01 01:00:00 | 000,000,323 | RHS- | C] () -- \boot.ini

========== ZeroAccess Check ==========

[2009/11/17 12:29:00 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 13:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD2500AAJS-60M0A0
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 233.00GB
Starting Offset: 32256
Hidden sectors: 0

[2009/11/17 12:37:01 | 000,000,000 | RH-D | M] -- C:\MSOCache

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\shell\open\command\\: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINNT\system32\ie4uinit.exe" -reinstall [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -hide [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -show [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/21 03:09:58 | 000,866,992 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/21 02:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome.MX6UJC6M3T2W7R4LKSBRCBMU3E\shell\open\command\\: "C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/09/25 10:43:01 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINNT\system32\ie4uinit.exe" -reinstall [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -hide [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINNT\system32\ie4uinit.exe" -show [2012/08/28 13:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009/12/18 00:14:34 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINNT\system32\drivers\sptd.sys

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >
[2009/11/17 13:09:52 | 000,094,208 | ---- | M] () -- C:\WINNT\System32\config\default.sav
[2009/11/17 13:09:52 | 001,089,536 | ---- | M] () -- C:\WINNT\System32\config\software.sav
[2009/11/17 13:09:52 | 000,921,600 | ---- | M] () -- C:\WINNT\System32\config\system.sav

< %SYSTEMDRIVE%\*.exe /md5 >

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\Application Data /s >

< %PROGRAMFILES%\*. >
[2011/08/17 11:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/12/18 00:22:02 | 000,000,000 | ---D | M] -- C:\Program Files\Alcohol Soft
[2009/11/17 13:13:18 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2009/11/17 12:53:52 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/02/09 21:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
[2010/02/09 21:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
[2012/10/07 20:43:43 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2009/11/17 13:16:04 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/12/17 22:13:52 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2010/03/10 19:57:09 | 000,000,000 | ---D | M] -- C:\Program Files\Design Science
[2010/03/15 22:29:11 | 000,000,000 | ---D | M] -- C:\Program Files\DjVu Solo 3.1
[2010/03/30 09:54:07 | 000,000,000 | ---D | M] -- C:\Program Files\DjVuZone
[2012/06/02 02:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\Dropbox
[2009/11/17 12:54:57 | 000,000,000 | ---D | M] -- C:\Program Files\DWG TrueView 2008
[2009/12/10 18:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\Enterprise Vault
[2012/10/05 18:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/03/18 17:17:40 | 000,000,000 | ---D | M] -- C:\Program Files\FileOpen
[2011/09/26 12:01:12 | 000,000,000 | ---D | M] -- C:\Program Files\flashfix
[2009/11/17 13:44:40 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2012/05/28 16:26:19 | 000,000,000 | ---D | M] -- C:\Program Files\gs
[2010/02/09 21:03:18 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2011/11/09 12:00:04 | 000,000,000 | ---D | M] -- C:\Program Files\Imperial College London
[2010/01/19 16:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\InstallShield Installation Information
[2012/09/25 09:28:06 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/11/17 13:16:54 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/10/11 18:13:32 | 000,000,000 | ---D | M] -- C:\Program Files\JabRef
[2012/03/22 13:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/11/17 14:07:37 | 000,000,000 | ---D | M] -- C:\Program Files\Latex
[2012/05/28 16:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\latex2eps
[2011/11/30 10:30:10 | 000,000,000 | ---D | M] -- C:\Program Files\LearningGuide
[2009/11/17 13:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Maple 13
[2012/03/22 13:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\MATLAB
[2009/11/17 13:08:11 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/11/17 13:22:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009/11/17 12:43:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Corporation
[2010/02/09 21:11:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
[2009/11/17 13:17:48 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2012/05/16 16:46:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/02/09 21:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2012/05/14 13:48:01 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/02/09 21:16:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2010/02/09 21:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/02/09 21:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2009/11/17 12:39:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/02/09 21:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2010/02/09 21:00:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
[2009/11/17 12:41:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/02/09 21:14:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2012/05/28 16:33:10 | 000,000,000 | ---D | M] -- C:\Program Files\MiKTeX 2.9
[2010/09/13 10:02:48 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2012/05/16 18:09:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2012/05/16 15:15:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2012/05/16 16:46:08 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/11/17 12:43:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/11/17 13:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/11/17 12:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2010/02/09 21:13:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2012/03/05 11:09:29 | 000,000,000 | ---D | M] -- C:\Program Files\National Instruments
[2009/11/17 13:16:32 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/11/17 12:55:13 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2010/09/27 17:26:09 | 000,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
[2009/11/17 13:16:44 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2009/11/17 12:55:14 | 000,000,000 | ---D | M] -- C:\Program Files\Oracle
[2010/12/17 04:00:34 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/09/27 18:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\PDFCreator
[2010/03/30 23:11:49 | 000,000,000 | ---D | M] -- C:\Program Files\pdfsam
[2009/11/17 12:49:56 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/09/13 09:39:23 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/11/17 12:34:00 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/11/17 14:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Manager 11
[2009/11/17 13:17:54 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/05/25 17:01:38 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/10/15 13:37:55 | 000,000,000 | ---D | M] -- C:\Program Files\slitherlink
[2010/11/18 15:15:01 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2009/11/17 12:24:30 | 000,000,000 | ---D | M] -- C:\Program Files\Uninstall Information
[2009/11/17 13:46:53 | 000,000,000 | ---D | M] -- C:\Program Files\UnxUtils
[2012/05/02 23:06:00 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/02/06 23:32:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2010/01/22 12:05:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Imaging
[2009/11/17 12:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/11/17 12:49:13 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/02/09 21:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2009/11/17 13:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/11/17 13:16:46 | 000,000,000 | ---D | M] -- C:\Program Files\WindowsUpdate
[2009/11/17 12:52:45 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2009/11/17 13:17:48 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/11/17 13:45:09 | 000,000,000 | ---D | M] -- C:\Program Files\Zero G Registry

< %appdata%\*.* >

< MD5 for: AFD.SYS >
[2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINNT\system32\dllcache\afd.sys
[2011/08/17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINNT\system32\drivers\afd.sys
[2008/04/14 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINNT\$NtUninstallKB956803$\afd.sys
[2011/02/16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINNT\$NtUninstallKB2592799$\afd.sys
[2008/10/16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINNT\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINNT\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008/10/16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINNT\$NtUninstallKB2503665$\afd.sys
[2008/08/14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINNT\$NtUninstallKB2509553$\afd.sys
[2011/02/16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINNT\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2011/08/17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINNT\$hf_mig$\KB2592799\SP3QFE\afd.sys

< MD5 for: ATAPI.SYS >
[2008/04/14 13:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\erdnt\cache\atapi.sys
[2008/04/14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2008/04/14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINNT\erdnt\cache\cryptsvc.dll
[2008/04/14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINNT\system32\cryptsvc.dll
[2008/04/14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINNT\system32\dllcache\cryptsvc.dll

< MD5 for: DNSRSLVR.DLL >
[2008/04/14 13:00:00 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=474B4DC3983173E4B4C9740B0DAC98A6 -- C:\WINNT\$NtUninstallKB2509553$\dnsrslvr.dll
[2009/04/20 18:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINNT\system32\dllcache\dnsrslvr.dll
[2009/04/20 18:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=5F7E24FA9EAB896051FFB87F840730D2 -- C:\WINNT\system32\dnsrslvr.dll
[2009/04/20 18:06:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=D977659AE4D8ECE5286D99D1ED34614D -- C:\WINNT\$hf_mig$\KB2509553\SP3QFE\dnsrslvr.dll

< MD5 for: ES.DLL >
[2008/04/14 13:00:00 | 000,246,272 | ---- | M] (Microsoft Corporation) MD5=19A799805B24990867B00C120D300C3A -- C:\WINNT\$NtUninstallKB950974$\es.dll
[2008/07/07 21:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINNT\erdnt\cache\es.dll
[2008/07/07 21:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINNT\system32\dllcache\es.dll
[2008/07/07 21:26:58 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=D4991D98F2DB73C60D042F1AEF79EFAE -- C:\WINNT\system32\es.dll
[2008/07/07 21:23:18 | 000,253,952 | ---- | M] (Microsoft Corporation) MD5=F17F6226BDC0CD5F0BEF0DAF84D29BEC -- C:\WINNT\$hf_mig$\KB950974\SP3QFE\es.dll
[2012/09/25 10:41:57 | 000,008,728 | ---- | M] () MD5=FABB2C5368FC626FB1D2A214028DF8EF -- C:\Documents and Settings\hmc05\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\Locales\es.dll

< MD5 for: EXPLORER.EXE >
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\erdnt\cache\explorer.exe
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\explorer.exe
[2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINNT\system32\dllcache\explorer.exe

< MD5 for: IPNATHLP.DLL >
[2008/04/14 13:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINNT\system32\dllcache\ipnathlp.dll
[2008/04/14 13:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) MD5=83F41D0D89645D7235C051AB1D9523AC -- C:\WINNT\system32\ipnathlp.dll

< MD5 for: IPSEC.SYS >
[2008/04/14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINNT\erdnt\cache\ipsec.sys
[2008/04/14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINNT\system32\dllcache\ipsec.sys
[2008/04/14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINNT\system32\drivers\ipsec.sys

< MD5 for: NETBT.SYS >
[2008/04/14 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINNT\system32\dllcache\netbt.sys
[2008/04/14 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINNT\system32\drivers\netbt.sys

< MD5 for: NETMAN.DLL >
[2008/04/14 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINNT\erdnt\cache\netman.dll
[2008/04/14 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINNT\system32\dllcache\netman.dll
[2008/04/14 13:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) MD5=13E67B55B3ABD7BF3FE7AAE5A0F9A9DE -- C:\WINNT\system32\netman.dll

< MD5 for: QMGR.DLL >
[2008/04/14 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINNT\erdnt\cache\qmgr.dll
[2008/04/14 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINNT\system32\dllcache\qmgr.dll
[2008/04/14 13:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINNT\system32\qmgr.dll

< MD5 for: RPCSS.DLL >
[2008/04/14 13:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINNT\$NtUninstallKB956572$\rpcss.dll
[2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINNT\erdnt\cache\rpcss.dll
[2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINNT\system32\dllcache\rpcss.dll
[2009/02/09 13:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINNT\system32\rpcss.dll
[2009/02/09 11:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINNT\$hf_mig$\KB956572\SP3QFE\rpcss.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINNT\$NtUninstallKB956572$\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINNT\erdnt\cache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINNT\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINNT\system32\services.exe

< MD5 for: SR.SYS >
[2008/04/14 13:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINNT\system32\dllcache\sr.sys
[2008/04/14 13:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) MD5=76BB022C2FB6902FD5BDD4F78FC13A5D -- C:\WINNT\system32\drivers\sr.sys

< MD5 for: SRSVC.DLL >
[2008/04/14 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINNT\erdnt\cache\srsvc.dll
[2008/04/14 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINNT\system32\dllcache\srsvc.dll
[2008/04/14 13:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) MD5=3805DF0AC4296A34BA4BF93B346CC378 -- C:\WINNT\system32\srsvc.dll

< MD5 for: SVCHOST.EXE >
[2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\erdnt\cache\svchost.exe
[2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\dllcache\svchost.exe
[2008/04/14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\svchost.exe
[2012/08/15 08:48:46 | 000,218,184 | ---- | M] () MD5=B6381489F9C8612AFFD4A2765ABD341C -- C:\Documents and Settings\hmc05\Desktop\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/04/14 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINNT\$NtUninstallKB2509553$\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\erdnt\cache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\system32\dllcache\tcpip.sys
[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\system32\drivers\tcpip.sys
[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINNT\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\erdnt\cache\userinit.exe
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\dllcache\userinit.exe
[2008/04/14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/14 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINNT\system32\dllcache\volsnap.sys
[2008/04/14 13:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINNT\system32\drivers\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2012/08/15 08:48:46 | 000,218,184 | ---- | M] () MD5=B6381489F9C8612AFFD4A2765ABD341C -- C:\Documents and Settings\hmc05\Desktop\Chameleon\winlogon.exe
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\erdnt\cache\winlogon.exe
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\dllcache\winlogon.exe
[2008/04/14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\winlogon.exe

< MD5 for: WMISVC.DLL >
[2008/04/14 13:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINNT\system32\dllcache\wmisvc.dll
[2008/04/14 13:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) MD5=2D0E4ED081963804CCC196A0929275B5 -- C:\WINNT\system32\wbem\wmisvc.dll

< MD5 for: WSCSVC.DLL >
[2008/04/14 13:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINNT\system32\dllcache\wscsvc.dll
[2008/04/14 13:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) MD5=7C278E6408D1DCE642230C0585A854D5 -- C:\WINNT\system32\wscsvc.dll

< MD5 for: WUAUSERV.DLL >
[2008/04/14 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINNT\system32\dllcache\wuauserv.dll
[2008/04/14 13:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- C:\WINNT\system32\wuauserv.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINNT\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINNT\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINNT\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINNT\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
[C:\WINNT\assembly\GAC_MSIL\WcfSvcHost\9.0.0.0__31bf3856ad364e35] -> C:\WINNT\WinSxS\MSIL_WcfSvcHost_31bf3856ad364e35_9.0.0.0_x-ww_e0abf5ea -> Junction
< End of report >
 
OTL Extras logfile created on: 07/10/2012 20:55:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\hmc05\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.95 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 72.37% Memory free
4.79 Gb Paging File | 4.13 Gb Available in Paging File | 86.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 187.06 Gb Free Space | 80.33% Space Free | Partition Type: NTFS
Drive H: | 8.00 Gb Total Space | 6.94 Gb Free Space | 86.69% Space Free | Partition Type: NTFS
Drive L: | 390.63 Mb Total Space | 195.66 Mb Free Space | 50.09% Space Free | Partition Type: NTFS
Drive V: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
Drive W: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
Drive Y: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS
Drive Z: | 90.45 Gb Total Space | 28.00 Gb Free Space | 30.95% Space Free | Partition Type: NTFS

Computer Name: EE-HMC05 | User Name: hmc05 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.MX6UJC6M3T2W7R4LKSBRCBMU3E] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 1
"AllAlertsDisabled" = 1
"TermService" = 1
"DisableMonitoring" = 1
"FirewallDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"\\icfs16.cc.ic.ac.uk\hmc05\IExplorer\AppData\Dropbox\bin\Dropbox.exe" = \\icfs16.cc.ic.ac.uk\hmc05\IExplorer\AppData\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0150120}" = J2SE Runtime Environment 5.0 Update 12
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{40FC81EA-21F7-44FB-A6F2-A4D6328F4C4F}" = CorelDRAW Graphics Suite X4 - Lang SU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}" = Microsoft Office PowerPoint 2007 Get Started Tab
"{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6834B8AE-D23B-4B26-A919-6515844CF2BA}" = CorelDRAW Graphics Suite X4 - Lang PL
"{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}" = Microsoft Office Word 2007 Get Started Tab
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71ADC302-F323-45A7-AFA4-C55D7B861D30}" = Scientific WorkPlace 5.5
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
"{86924253-1BCC-4BF5-B995-33C1DB7EECAE}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B78A1C2-8916-4351-AE81-6423C346A452}" = Symantec Enterprise Vault HTTP-only Outlook Add-In
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{D10F01FE-B62F-46CA-B657-FBA639601DFD}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A7-0409-0000-0000000FF1CE}" = Calendar Printing Assistant for Microsoft Office Outlook 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{94F8151E-1946-4D81-9FBF-E167DF25954A}" = NI LabVIEW Run-Time Engine 8.0
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDA415B-974B-4384-8CA6-9327D5B4270B}" = CorelDRAW Graphics Suite X4 - Lang SV
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}" = Microsoft Office Excel 2007 Get Started Tab
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B1A9CD45-A702-4E3B-91ED-8CD562869901}" = DWG TrueView 2008
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{BA2CD2E5-FBAF-4F58-8CF4-AE1E5E873A07}" = LearningGuide Assistant
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}" = Reference Manager 11
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CAFECAFE-0013-0001-0123-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.23
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E1AFA334-BAD3-4EFE-B8B0-B28AA9C3F21E}" = NI Uninstaller
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F1F8CE7F-1D24-416F-BFA1-F7DD39D8A000}" = Auto-sleep
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FFFE7261-2318-4227-B827-E9E05E16DFE5}" = CorelDRAW Graphics Suite X4 - Lang CZ
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"DjVu Solo 3.1" = DjVu Solo 3.1
"DjVuLibre+DjView" = DjVuLibre+DjView
"DWG TrueView 2008" = DWG TrueView 2008
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GPL Ghostscript 9.05" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"JabRef 2.6" = JabRef 2.6
"latex2eps_is1" = latex2eps 0.11
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Macromedia Authorware Web Player" = Macromedia Authorware Web Player
"Maple 13" = Maple 13
"Matlab R2012a" = MATLAB R2012a
"MatlabR2008a" = MATLAB R2008a
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"MiKTeX" = MiKTeX
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"Mozilla Thunderbird 12.0.1 (x86 en-GB)" = Mozilla Thunderbird 12.0.1 (x86 en-GB)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NI Uninstaller" = National Instruments Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RDC" = RDC
"RealPlayer 6.0" = RealPlayer Enterprise
"slitherlink_is1" = slitherlink version 1.0
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 6.21 (Fawkes)
"TreeSize" = TreeSize
"uTorrent" = µTorrent
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = The GIMP 2.2.8
"WinGTK-2_is1" = GTK+ 2.6.8-1 runtime environment
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"pdfsam" = pdfsam

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/10/2012 20:59:33 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711753
Description = TruScan has generated an error: code 9: description: Heuristic Scan
or Load Failure

Error - 05/10/2012 01:34:49 | Computer Name = EE-HMC05 | Source = Windows Search Service | ID = 3079
Description = Notifications for the volume c:\ are not active. Context: Windows
Application Details: Insufficient system resources exist to complete the requested
service. (0x800705aa)

Error - 05/10/2012 01:49:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec Endpoint Protection has determined that the virus definitions
are missing on this computer. This computer will remain unprotected from viruses
until virus definitions are downloaded to this computer.Application has encountered
an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

Error - 05/10/2012 01:52:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec Endpoint Protection has determined that the virus definitions
are missing on this computer. This computer will remain unprotected from viruses
until virus definitions are downloaded to this computer.Application has encountered
an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

Error - 05/10/2012 01:55:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec Endpoint Protection has determined that the virus definitions
are missing on this computer. This computer will remain unprotected from viruses
until virus definitions are downloaded to this computer.Application has encountered
an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

Error - 05/10/2012 01:58:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec Endpoint Protection has determined that the virus definitions
are missing on this computer. This computer will remain unprotected from viruses
until virus definitions are downloaded to this computer.Application has encountered
an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

Error - 05/10/2012 02:04:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec Endpoint Protection has determined that the virus definitions
are missing on this computer. This computer will remain unprotected from viruses
until virus definitions are downloaded to this computer.Application has encountered
an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

Error - 05/10/2012 02:07:03 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec Endpoint Protection has determined that the virus definitions
are missing on this computer. This computer will remain unprotected from viruses
until virus definitions are downloaded to this computer.Application has encountered
an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

Error - 05/10/2012 03:13:04 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec Endpoint Protection has determined that the virus definitions
are missing on this computer. This computer will remain unprotected from viruses
until virus definitions are downloaded to this computer.Application has encountered
an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

Error - 05/10/2012 03:16:05 | Computer Name = EE-HMC05 | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec Endpoint Protection has determined that the virus definitions
are missing on this computer. This computer will remain unprotected from viruses
until virus definitions are downloaded to this computer.Application has encountered
an error. For more information, please go to: http://www.symantec.com/techsupp/se...ish&module=1000&error=0009&build=symantec_ent

[ OSession Events ]
Error - 05/03/2012 06:12:06 | Computer Name = EE-HMC05 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1784915
seconds with 3420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/10/2012 01:22:14 | Computer Name = EE-HMC05 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 05/10/2012 01:34:14 | Computer Name = EE-HMC05 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 05/10/2012 01:41:52 | Computer Name = EE-HMC05 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {7E477741-01A6-4C06-9DAC-55F6174C08A3}.
The
error: "%1450" Happened while starting this command: "C:\Program Files\Symantec\Symantec
Endpoint Protection\SescLU.exe" -Embedding

Error - 05/10/2012 01:46:14 | Computer Name = EE-HMC05 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 05/10/2012 01:49:02 | Computer Name = EE-HMC05 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Common Files\Symantec
Shared\DefUtDCD.dll. Reference error message: The operation completed successfully.
.

Error - 05/10/2012 01:49:02 | Computer Name = EE-HMC05 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Common Files\Symantec
Shared\DefUtDCD.dll. Reference error message: The operation completed successfully.
.

Error - 05/10/2012 01:49:02 | Computer Name = EE-HMC05 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Common Files\Symantec
Shared\DefUtDCD.dll. Reference error message: The operation completed successfully.
.

Error - 05/10/2012 01:49:03 | Computer Name = EE-HMC05 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {7E477741-01A6-4C06-9DAC-55F6174C08A3}.
The
error: "%1450" Happened while starting this command: "C:\Program Files\Symantec\Symantec
Endpoint Protection\SescLU.exe" -Embedding

Error - 05/10/2012 01:52:03 | Computer Name = EE-HMC05 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Common Files\Symantec
Shared\DefUtDCD.dll. Reference error message: The operation completed successfully.
.

Error - 05/10/2012 01:52:03 | Computer Name = EE-HMC05 | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {7E477741-01A6-4C06-9DAC-55F6174C08A3}.
The
error: "%1450" Happened while starting this command: "C:\Program Files\Symantec\Symantec
Endpoint Protection\SescLU.exe" -Embedding


< End of report >
 
Good job! Scans appear good!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


=======================================


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
ESET scan is running again now.

The most obvious issues are the ones in my original post (which still remain now):
* Cannot access various websites, including webmail (hotmail, gmail etc) and the store.malwarebytes.com pages. Some time ago even Google search results were blocked, but this seems to be ok now.
* Cannot run Windows Update [Windows XP]. When I try to run it from the Start menu, Internet Explorer opens, but when I try to "allow" the update, a Security Warning pops up: "Windows has found a problem with this file. Name: wuweb_site.cab?1349722209886 Publisher: Unknown Publisher"
* Malwarebytes installation fails with: "Internal error: Failed to expand shell folder constant "userappdata""

In addition, the computer loads up and runs unusually slowly (but nothing seems to be hogging CPU in taskmgr).
Also, I seemed to be finding that Adobe pdf reader was crashing after a few minutes' use.
 