Laptop check

  1. #1
    Whoosh (Junior Member)

    Hi Broni,


    Below are the logs as required.

    MALWAREBYTES

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 4602

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/09/2010 23:10:25
    mbam-log-2010-09-12 (23-10-25).txt

    Scan type: Quick scan
    Objects scanned: 138314
    Time elapsed: 9 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER

    GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
    Rootkit scan 2010-09-13 04:45:20
    Windows 5.1.2600 Service Pack 3
    Running: vsr893uo.exe; Driver: C:\DOCUME~1\Nick\LOCALS~1\Temp\fgtdapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 838312A0 ZwAlertResumeThread
    SSDT 83831340 ZwAlertThread
    SSDT 83A11118 ZwAllocateVirtualMemory
    SSDT 837DB130 ZwAssignProcessToJobObject
    SSDT 83993848 ZwConnectPort
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEE24C210]
    SSDT 83820008 ZwCreateMutant
    SSDT 838292F0 ZwCreateSymbolicLinkObject
    SSDT 83901DB8 ZwCreateThread
    SSDT 8383C090 ZwDebugActiveProcess
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEE24C490]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEE24C9F0]
    SSDT 83AB2300 ZwDuplicateObject
    SSDT 8381ED78 ZwFreeVirtualMemory
    SSDT 8386D2E8 ZwImpersonateAnonymousToken
    SSDT 8386D388 ZwImpersonateThread
    SSDT 838A9B30 ZwLoadDriver
    SSDT 838F3768 ZwMapViewOfSection
    SSDT 83820128 ZwOpenEvent
    SSDT 837DF6A0 ZwOpenProcess
    SSDT 83805138 ZwOpenProcessToken
    SSDT 839D4130 ZwOpenSection
    SSDT 83AB2390 ZwOpenThread
    SSDT 837DB060 ZwProtectVirtualMemory
    SSDT 837CC030 ZwResumeThread
    SSDT 837F3D28 ZwSetContextThread
    SSDT 837F3DC8 ZwSetInformationProcess
    SSDT 8383C170 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEE24CC40]
    SSDT 83820088 ZwSuspendProcess
    SSDT 837CC0D0 ZwSuspendThread
    SSDT 83805170 ZwTerminateProcess
    SSDT 837CC170 ZwTerminateThread
    SSDT 8381EC70 ZwUnmapViewOfSection
    SSDT 83A11088 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 1B0 804E281C 4 Bytes CALL 3AD1AEF3
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2608] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] ntdll.dll!RtlValidateUnicodeString + 554 7C9163BE 10 Bytes JMP 034F003A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] ole32.dll!OleInitialize + E37 77500521 7 Bytes JMP 034F00F3
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] ole32.dll!CoImpersonateClient + 51 775156C0 7 Bytes JMP 034F01A9
    .text C:\Program Files\Internet Explorer\iexplore.exe[2784] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[2784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2CD6CC3A7C0ADEF4FA3760D4D80D0281@4A3B314FD5EEC754AB5EE6859D85E95D C:\Program Files\IBM\Messages By IBM\images\Background.jpg
    Reg HKLM\SOFTWARE\Classes\Applications\WINWORD.EXE\rhell\edit
    Reg HKLM\SOFTWARE\Classes\Applications\WINWORD.EXE\rhell\edit@ &Edit
    Reg HKLM\SOFTWARE\Classes\Applications\WINWORD.EXE\rhell\edit\command
    Reg HKLM\SOFTWARE\Classes\Applications\WINWORD.EXE\rhell\edit\command@ "C:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n
    Reg HKLM\SOFTWARE\Classes\Applications\WINWORD.EXE\rhell\edit\command@command 4FC!!gxsf(Ng]qF`H{LsWORDFiles>llT]jI{jf(=1&L[-81-] /n?
    Reg HKLM\SOFTWARE\Classes\Applications\WINWORD.EXE\rhell\edit\ddeexec
    Reg HKLM\SOFTWARE\Classes\Applications\WINWORD.EXE\rhell\edit\ddeexec@ [REM _DDE_Direct][FileOpen("%1")]
    Reg HKLM\SOFTWARE\Classes\Applications\WINWORD.EXE\rhell\edit\ddeexec\Application
    Reg HKLM\SOFTWARE\Classes\Applications\WINWORD.EXE\rhell\edit\ddeexec\Application@ WinWord
    Reg HKLM\SOFTWARE\Classes\Applications\WINWORD.EXE\rhell\edit\ddeexec\Topic
    Reg HKLM\SOFTWARE\Classes\Applications\WINWORD.EXE\rhell\edit\ddeexec\Topic@ System

    ---- EOF - GMER 1.0.15 ----

    I will post the other logs in the next post.

    Thanks and Regards.
    Last edited by broni; 14-09-2010 at 12:57 AM.

  2. #2
    Whoosh (Junior Member)
    Hello Again!

    Here are the other logs..

    MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 163):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7CCB000 \WINDOWS\system32\KDCOM.DLL
    0xF7BDB000 \WINDOWS\system32\BOOTVID.dll
    0xF777C000 ACPI.sys
    0xF7CCD000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF776B000 pci.sys
    0xF77CB000 isapnp.sys
    0xF7BDF000 compbatt.sys
    0xF7BE3000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF7D93000 pciide.sys
    0xF7A4B000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF774D000 pcmcia.sys
    0xF77DB000 MountMgr.sys
    0xF772E000 ftdisk.sys
    0xF7BE7000 ACPIEC.sys
    0xF7D94000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
    0xF7A53000 PartMgr.sys
    0xF77EB000 VolSnap.sys
    0xF7716000 atapi.sys
    0xF77FB000 disk.sys
    0xF780B000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF76F6000 fltmgr.sys
    0xF76A0000 SYMDS.SYS
    0xF768E000 sr.sys
    0xF781B000 Lbd.sys
    0xF7661000 SYMEFA.SYS
    0xF7A5B000 PxHelp20.sys
    0xF764C000 drvmcdb.sys
    0xF7635000 KSecDD.sys
    0xF7622000 WudfPf.sys
    0xF7595000 Ntfs.sys
    0xF7568000 NDIS.sys
    0xF754E000 Mup.sys
    0xF786B000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF7444000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
    0xF7430000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF7B5B000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF740C000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF7B63000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF70F1000 \SystemRoot\system32\DRIVERS\w29n51.sys
    0xF70CD000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xF787B000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF7B6B000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF7C87000 \SystemRoot\System32\DRIVERS\tp4track.sys
    0xF7B73000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF70B9000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF7C8B000 \SystemRoot\System32\DRIVERS\CmBatt.sys
    0xF7B7B000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
    0xF788B000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF7C8F000 \SystemRoot\system32\drivers\pfc.sys
    0xF7D07000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xF789B000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF78AB000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF7096000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF7054000 \SystemRoot\system32\drivers\smwdm.sys
    0xF7030000 \SystemRoot\system32\drivers\portcls.sys
    0xF78BB000 \SystemRoot\system32\drivers\drmk.sys
    0xF6FFA000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF6FC9000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    0xF6ECA000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF6E24000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF7B83000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7EA4000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF78CB000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF7C97000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF6E0D000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF78DB000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF78EB000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7B8B000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF6DFC000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF78FB000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF7B9B000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7BA3000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF792B000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7D09000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF6565000 \SystemRoot\System32\DRIVERS\update.sys
    0xF7CAF000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF793B000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF796B000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF7D0B000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF74F9000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xEE3C6000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
    0xF74F5000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF798B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7BC3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7C63000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xEE3A7000 \SystemRoot\system32\drivers\NIS\1107000.00C\Ironx86.SYS
    0xF799B000 \SystemRoot\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
    0xEE25B000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100912.005\NAVEX15.SYS
    0xEE236000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xEE222000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100912.005\NAVENG.SYS
    0xF7D29000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7E30000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7D2B000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7BD3000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF7A7B000 \SystemRoot\System32\drivers\vga.sys
    0xF7D2D000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7D2F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7A83000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A8B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF6DF4000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xEE1EF000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xEE196000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xEE13F000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
    0xEE0EA000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100909.001\IDSxpx86.sys
    0xEE0C2000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xEE0A0000 \SystemRoot\System32\drivers\afd.sys
    0xF79AB000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF7A93000 \SystemRoot\System32\drivers\TSMAPIP.SYS
    0xF7A9B000 \SystemRoot\System32\drivers\Tppwr.sys
    0xF6DEC000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xF7AA3000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xF7AAB000 \SystemRoot\System32\drivers\Smapint.sys
    0xEE02D000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xEDFBD000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF7E53000 \SystemRoot\System32\drivers\IBMBLDID.SYS
    0xF79EB000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEDF97000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xEDF39000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xEDF1C000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xEDE9D000 \SystemRoot\system32\drivers\NIS\1107000.00C\ccHPx86.sys
    0xEDDF1000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
    0xF64C1000 \SystemRoot\System32\drivers\ANC.SYS
    0xF7A0B000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF7A1B000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEDDB1000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7D31000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7CA7000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7ACB000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7ECD000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF03E000 \SystemRoot\System32\ialmdev5.DLL
    0xBF063000 \SystemRoot\System32\ialmdd5.DLL
    0xF64D5000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF7DDE000 \SystemRoot\system32\dla\tfsndres.sys
    0xEDC5B000 \SystemRoot\system32\dla\tfsnifs.sys
    0xEDCF9000 \SystemRoot\system32\dla\tfsnopio.sys
    0xF7D3B000 \SystemRoot\system32\dla\tfsnpool.sys
    0xF7AF3000 \SystemRoot\system32\dla\tfsnboio.sys
    0xF79CB000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7E3F000 \SystemRoot\system32\dla\tfsndrct.sys
    0xEDB7A000 \SystemRoot\system32\dla\tfsnudf.sys
    0xEDB61000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xEDCC5000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xEDCB9000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xEDB35000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xED804000 \SystemRoot\system32\drivers\wdmaud.sys
    0xED989000 \SystemRoot\system32\drivers\sysaudio.sys
    0xED691000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xED8F1000 \SystemRoot\System32\Drivers\Aspi32.SYS
    0xEDAC1000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
    0xED8D5000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xED572000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF7D51000 \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
    0xECEA1000 \SystemRoot\System32\Drivers\HTTP.sys
    0xEC98B000 \??\C:\DOCUME~1\Nick\LOCALS~1\Temp\fgtdapow.sys
    0xEC827000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF7D05000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 57):
    0 System Idle Process
    4 System
    464 C:\WINDOWS\system32\smss.exe
    824 csrss.exe
    848 C:\WINDOWS\system32\winlogon.exe
    892 C:\WINDOWS\system32\services.exe
    904 C:\WINDOWS\system32\lsass.exe
    1084 C:\WINDOWS\system32\ibmpmsvc.exe
    1144 C:\WINDOWS\system32\svchost.exe
    1212 svchost.exe
    1356 C:\WINDOWS\system32\svchost.exe
    1460 C:\WINDOWS\system32\svchost.exe
    1556 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1584 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1688 svchost.exe
    1912 svchost.exe
    1920 C:\WINDOWS\explorer.exe
    500 C:\WINDOWS\system32\spoolsv.exe
    1888 svchost.exe
    2004 C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    2040 C:\Program Files\Java\jre6\bin\jqs.exe
    176 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    1776 C:\WINDOWS\system32\QCONSVC.EXE
    632 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    676 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    816 C:\WINDOWS\system32\svchost.exe
    1160 C:\WINDOWS\system32\TpKmpSvc.exe
    2272 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    2712 alg.exe
    3000 C:\WINDOWS\system32\tp4serv.exe
    3008 C:\WINDOWS\system32\igfxtray.exe
    3028 C:\WINDOWS\system32\hkcmd.exe
    3060 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    3080 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    3088 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    3096 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    3228 C:\WINDOWS\system32\dla\tfswctrl.exe
    3272 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    3320 C:\IBMTOOLS\utils\ibmprc.exe
    3392 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    3448 C:\WINDOWS\system32\rundll32.exe
    3496 C:\WINDOWS\system32\rundll32.exe
    3568 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    3588 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
    3748 C:\Program Files\Winamp\winampa.exe
    3800 C:\Program Files\QuickTime\qttask.exe
    3868 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
    3992 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    4084 C:\Program Files\Messenger\msmsgs.exe
    1280 C:\WINDOWS\system32\ctfmon.exe
    528 C:\Program Files\Free Download Manager\fdm.exe
    760 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    1740 C:\Program Files\Digital Line Detect\DLG.exe
    1668 C:\WINDOWS\system32\svchost.exe
    3684 C:\Program Files\Internet Explorer\iexplore.exe
    2264 C:\Program Files\Internet Explorer\iexplore.exe
    2176 C:\Documents and Settings\Nick\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS541040G9AT00, Rev: MB2IA60A

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: BF296BFFF329A82DCFE70858BDC4B9E5FA99F1CE


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!

    OTL

    OTL logfile created on: 13/09/2010 12:17:41 - Run 4
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Nick\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    758.00 Mb Total Physical Memory | 271.00 Mb Available Physical Memory | 36.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 60.00% Paging File free
    Paging file location(s): C:\pagefile.sys 372 744 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 32.75 Gb Total Space | 6.41 Gb Free Space | 19.58% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LAPTOP
    Current User Name: Nick
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/07 12:03:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
    PRC - [2010/02/26 0150 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    PRC - [2009/01/31 03:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/06/21 18:14:50 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
    PRC - [2006/06/01 14:32:12 | 000,094,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    PRC - [2005/07/13 04:55:00 | 000,094,208 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\tp4serv.exe
    PRC - [2005/06/06 22:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
    PRC - [2005/03/18 12:07:00 | 000,086,016 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    PRC - [2005/03/18 12:07:00 | 000,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
    PRC - [2005/03/04 02:10:32 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    PRC - [2005/02/18 16:05:30 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2005/02/18 16:03:38 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2005/02/18 16:02:24 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2004/09/07 01:03:52 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    PRC - [2004/07/22 11:01:00 | 000,442,368 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    PRC - [2004/04/01 11:52:06 | 001,368,064 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    PRC - [2004/03/26 15:40:54 | 000,794,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
    PRC - [2004/03/19 2210 | 000,339,968 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    PRC - [2004/03/19 21:12:10 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
    PRC - [2004/02/26 10:26:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2004/01/26 12:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
    PRC - [2003/12/25 11:04:00 | 000,208,896 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
    PRC - [2003/10/29 12:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    PRC - [2002/01/11 00:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/07 12:03:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
    MOD - [2010/05/14 06:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
    MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\PsaSrv.exe -- (PsaSrv)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/09/02 19:00:37 | 001,355,928 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/02/26 0150 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
    SRV - [2005/06/06 22:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
    SRV - [2005/03/18 12:07:00 | 000,077,824 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
    SRV - [2005/02/18 16:05:30 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2005/02/18 16:03:38 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
    SRV - [2005/02/18 16:02:24 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
    SRV - [2004/03/19 2210 | 000,339,968 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
    SRV - [2004/02/26 10:26:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS -- (SYMDNS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10633.sys -- (EraserUtilDrv10633)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
    DRV - [2010/08/19 01:02:20 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/08/18 11:23:59 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100912.005\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/08/18 11:23:59 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/08/18 11:23:59 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100912.005\NAVENG.SYS -- (NAVENG)
    DRV - [2010/08/10 02:11:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2010/07/12 09:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/06/02 05:32:01 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/05/28 20:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100909.001\IDSXpx86.sys -- (IDSxpx86)
    DRV - [2010/05/06 05:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
    DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
    DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
    DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
    DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2010/02/27 15:30:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
    DRV - [2009/08/30 01:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
    DRV - [2008/04/13 19:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2005/11/04 21:22:14 | 000,013,312 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2005/08/31 02:50:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2005/08/31 02:50:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2005/07/13 04:55:00 | 000,013,840 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
    DRV - [2005/04/20 02:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
    DRV - [2005/03/18 12:07:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
    DRV - [2005/03/18 12:07:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005/03/18 12:07:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
    DRV - [2005/02/14 17:00:10 | 003,255,168 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2004/10/15 19:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2004/09/24 02:39:58 | 000,064,256 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
    DRV - [2004/09/07 01:03:46 | 000,016,370 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2004/09/02 10:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/09/02 10:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/09/02 10:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/09/02 10:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/09/02 10:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/09/02 10:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/09/02 10:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/09/02 10:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/09/02 10:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/08/17 1200 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/08/04 07:41:36 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
    DRV - [2004/07/23 00:25:58 | 000,197,888 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2004/07/23 00:24:52 | 000,676,096 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/07/23 00:24:20 | 001,041,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/07/15 11:31:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2004/07/14 20:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 20:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2004/07/14 1100 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/02/26 10:26:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2003/12/08 12:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
    DRV - [2003/12/08 12:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
    DRV - [2003/09/19 10:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2001/11/01 12:57:14 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
    DRV - [2001/08/17 23:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 23:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 23:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 23:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 23:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 22:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 22:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 22:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 22:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 22:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 22:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 22:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 22:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 22:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 22:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 22:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
    DRV - [2001/08/17 21:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2000/06/01 05:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/06/03 20:54:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/02/27 16:02:18 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2001/08/18 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
    O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
    O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
    O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
    O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)
    O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe ()
    O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
    O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
    O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
    O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
    O4 - HKCU..\Run: [fsm] File not found
    O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
    O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
    O4 - HKLM..\RunOnce: [SymLnch] C:\Documents and Settings\Nick\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Support\SymLnch\SymLnch.exe (Symantec Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
    O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
    O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
    O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
    O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
    O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe ()
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1137020075036 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ll-141-win.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
    O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/11/17 09:04:58 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIV3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)
    Drivers32: vidc.DIV4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
    Drivers32: vidc.DIVX - DivX.dll File not found
    Drivers32: vidc.ffds - C:\Program Files\ffdshow\ffdshow.ax ()
    Drivers32: VIDC.HFYU - C:\WINDOWS\System32\HUFFYUV.DLL (Disappearing Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: VIDC.JPEG - C:\WINDOWS\System32\JPEGCODE.DLL ()
    Drivers32: VIDC.MPEG - C:\WINDOWS\System32\JPEGCODE.DLL ()
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - divx.dll File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/07 12:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\SPYWARE LOGS
    [2010/09/07 12:03:07 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
    [2010/09/07 10:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Malwarebytes
    [2010/09/07 10:43:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/07 10:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/09/07 10:43:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/07 10:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/07 10:42:36 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nick\Desktop\mbam-setup-1.46.exe
    [2010/09/07 10:18:41 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\TFC.exe
    [2010/09/07 10:16:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/09/07 10:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2010/09/07 10:12:45 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
    [2010/08/06 01:37:30 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/08/06 01:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Sunbelt Software
    [2010/08/06 01:34:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/08/05 21:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2007/04/07 22:50:34 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
    [2006/01/20 21:46:27 | 006,717,292 | ---- | C] (KL ) -- C:\Program Files\realalt146.exe
    [2005/11/23 17:24:59 | 000,543,232 | ---- | C] (Joshua F. Madison) -- C:\Program Files\Convert.exe

    ========== Files - Modified Within 90 Days ==========

    [2010/09/12 23:15:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/12 23:14:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/12 23:14:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/12 23:14:34 | 795,332,608 | -HS- | M] () -- C:\hiberfil.sys
    [2010/09/12 23:13:22 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\Nick\NTUSER.DAT
    [2010/09/12 23:13:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nick\ntuser.ini
    [2010/09/12 21:31:40 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3DDD59D2-7E99-4B23-BD0B-883C816984FF}.job
    [2010/09/09 21:29:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/09/07 12:03:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
    [2010/09/07 11:57:29 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
    [2010/09/07 11:30:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\vsr893uo.exe
    [2010/09/07 10:43:55 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/07 10:42:36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nick\Desktop\mbam-setup-1.46.exe
    [2010/09/07 10:18:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\TFC.exe
    [2010/09/07 10:15:43 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/09/07 10:15:21 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
    [2010/09/07 10:15:20 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
    [2010/09/07 10:12:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
    [2010/09/06 20:00:00 | 000,000,738 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Nick.job
    [2010/09/05 16:00:05 | 000,823,226 | -H-- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\IconCache.db
    [2010/09/03 03:07:34 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Arcade Fire - Libs Reading 2010.xls
    [2010/09/02 10:50:24 | 000,000,246 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Google.url
    [2010/08/27 18:08:16 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Dave Evans Mortgage Calculations.xls
    [2010/08/23 1709 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\My Network Places.lnk
    [2010/08/22 1833 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/22 15:00:21 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
    [2010/08/20 17:51:15 | 000,052,316 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\mathsmockf1ms_nocalc.pdf
    [2010/08/20 17:12:26 | 000,134,693 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\mathsmockf1_nocalc.pdf
    [2010/08/18 2306 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Thon - Big Chill Videod.xls
    [2010/08/11 20:59:44 | 000,103,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/11 20:53:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/09 01:32:20 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Birmingham 12.08.2010.xls
    [2010/08/07 23:52:40 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Paul McCartney - Hard Rock 2010.xls
    [2010/08/07 19:44:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/06 01:34:12 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/06 01:34:12 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/07/30 17:44:00 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\August 2010 Things To Do.xls
    [2010/07/30 15:41:31 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\EDF Energy 1.Aug.2010 - 30.June.2011.xls
    [2010/07/28 19:08:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/07/22 00:22:15 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Sea Life Centre.xls
    [2010/07/17 11:54:27 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Beatles Cartoons - Rar.xls
    [2010/07/17 11:12:49 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/14 11:41:42 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Beatles - Cartoons Links.xls
    [2010/07/12 13:24:53 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\GP Rugby Telly Wks 1-7 2010.xls
    [2010/07/12 09:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/07/12 09:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/07/11 21:26:34 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\TOSHIBA SD-190E.xls
    [2010/07/01 01:35:05 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/06/28 14:34:23 | 003,751,338 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\PunterPlatinumPackage.zip
    [2010/06/25 23:45:36 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Paul Mccartney Set Lists.xls
    [2010/06/24 23:20:56 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Miley Cyrus - RIO DVD 2010.xls
    [2010/06/21 00:53:05 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Green Day - Wembley Stadium 19.06.2010.xls
    [2010/06/19 00:30:18 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\The Strokes - Eurockeenes.xls
    [2010/06/19 00:22:19 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Nick\default.pls
    [2010/06/17 16:18:20 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\MUSE Singles.xls
    [2010/06/17 0135 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\MUSE VIDEOS.xls
    [2010/06/16 20:19:13 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Bonofan EMail.xls
    [2010/06/16 20:18:59 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\U2 Bonofan EMail.xls

    ========== Files Created - No Company Name ==========

    [2010/09/07 11:57:26 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
    [2010/09/07 11:30:35 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\vsr893uo.exe
    [2010/09/07 10:43:54 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/07 10:15:43 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2010/09/07 10:15:20 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
    [2010/09/07 10:15:20 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
    [2010/09/03 03:07:33 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Arcade Fire - Libs Reading 2010.xls
    [2010/08/27 18:08:14 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Dave Evans Mortgage Calculations.xls
    [2010/08/23 1709 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\My Network Places.lnk
    [2010/08/22 1833 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/20 17:51:14 | 000,052,316 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\mathsmockf1ms_nocalc.pdf
    [2010/08/20 17:12:24 | 000,134,693 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\mathsmockf1_nocalc.pdf
    [2010/08/10 04:07:08 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Thon - Big Chill Videod.xls
    [2010/08/08 23:20:19 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Birmingham 12.08.2010.xls
    [2010/08/06 01:34:12 | 000,000,927 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/06 01:34:12 | 000,000,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/07/30 15:41:12 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\EDF Energy 1.Aug.2010 - 30.June.2011.xls
    [2010/07/30 00:08:30 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\August 2010 Things To Do.xls
    [2010/07/22 00:22:15 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Sea Life Centre.xls
    [2010/07/17 11:54:21 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Beatles Cartoons - Rar.xls
    [2010/07/12 22:19:37 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Beatles - Cartoons Links.xls
    [2010/07/12 1221 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\GP Rugby Telly Wks 1-7 2010.xls
    [2010/07/11 21:26:22 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\TOSHIBA SD-190E.xls
    [2010/07/06 14:41:03 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Paul McCartney - Hard Rock 2010.xls
    [2010/06/28 14:35:12 | 003,107,975 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Trap The Winner.pdf
    [2010/06/28 14:35:12 | 000,798,103 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\stop at a winner.pdf
    [2010/06/28 14:35:12 | 000,389,830 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\AlphaFav.pdf
    [2010/06/28 14:33:15 | 003,751,338 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\PunterPlatinumPackage.zip
    [2010/06/25 23:45:35 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Paul Mccartney Set Lists.xls
    [2010/06/24 22:02:22 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Miley Cyrus - RIO DVD 2010.xls
    [2010/06/20 16:40:42 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Green Day - Wembley Stadium 19.06.2010.xls
    [2010/06/17 23:16:19 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\The Strokes - Eurockeenes.xls
    [2010/06/17 15:05:50 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\MUSE Singles.xls
    [2010/06/17 0135 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\MUSE VIDEOS.xls
    [2010/06/16 20:19:11 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Bonofan EMail.xls
    [2010/06/16 20:18:59 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\U2 Bonofan EMail.xls
    [2009/06/03 22:09:39 | 007,514,964 | ---- | C] () -- C:\Program Files\MP3MusicEditor.zip
    [2007/07/08 01:07:47 | 018,164,640 | ---- | C] () -- C:\Program Files\aaw2007.exe
    [2007/07/07 1845 | 008,429,056 | ---- | C] () -- C:\Program Files\Nero.Mega.Plugin.Pack.msi
    [2006/09/01 22:09:21 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
    [2006/09/01 22:08:34 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/09/01 22:08:34 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\2606A43A81.sys
    [2006/08/14 01:44:56 | 005,474,648 | ---- | C] () -- C:\Program Files\easyradio1.4estversion.exe
    [2006/06/08 21:05:43 | 000,102,912 | R--- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL
    [2006/01/24 23:24:02 | 055,802,291 | ---- | C] () -- C:\Program Files\ArcticDemos.zip
    [2006/01/15 12:04:27 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/12/12 1333 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/11/28 13:26:20 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2005/11/28 10:46:06 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
    [2005/11/24 23:59:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/11/04 21:29:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/11/04 21:27:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2005/11/04 21:26:57 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2005/11/04 21:26:57 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2005/11/04 21:26:20 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
    [2005/11/04 21:14:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/11/04 21:14:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/11/04 21:14:14 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/11/04 21:14:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/11/04 21:14:14 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/11/04 21:14:14 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/11/04 21:13:38 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/11/04 21:07:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2005/11/04 21:06:49 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
    [2005/11/04 21:06:23 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2005/11/04 20:49:36 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2004/11/09 02:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/09/01 16:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/03/19 21:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
    [2004/03/19 21:12:10 | 000,019,692 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
    [2004/01/09 15:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
    [2003/02/21 18:36:47 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2002/10/06 19:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2002/10/05 00:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2002/10/05 00:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2002/10/05 00:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2002/03/21 16:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
    [1980/01/01 09:00:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
    [1980/01/01 09:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
    [1980/01/01 09:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
    [1980/01/01 09:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

    ========== LOP Check ==========

    [2005/11/23 16:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
    [2009/09/17 16:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    [2005/11/04 21:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
    [2008/10/09 13:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
    [2009/12/23 22:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/08/06 01:34:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2005/12/01 21:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\ACD Systems
    [2010/09/13 12:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Free Download Manager
    [2009/05/07 12:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\GSplit
    [2005/11/23 23:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\IBM
    [2006/01/05 00:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\InterVideo
    [2009/12/24 22:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\qs
    [2010/09/12 22:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Software Informer
    [2010/03/19 12:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Tific
    [2010/09/09 21:29:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2005/11/24 02:03:39 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
    [2010/09/12 21:31:40 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3DDD59D2-7E99-4B23-BD0B-883C816984FF}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/09/12 23:14:32 | 000,035,153 | ---- | M] () -- C:\aaw7boot.log
    [2005/11/17 09:04:58 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2005/11/17 09:03:45 | 000,000,184 | RHS- | M] () -- C:\BOOT.INI
    [2005/11/04 21:09:16 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
    [2005/11/04 21:30:50 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2003/02/21 18:11:18 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2005/11/04 21:28:34 | 000,000,355 | ---- | M] () -- C:\ccrrec.ver
    [2005/11/17 09:04:58 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2005/11/04 21:13:00 | 000,000,756 | ---- | M] () -- C:\drivez.log
    [2010/09/12 23:14:34 | 795,332,608 | -HS- | M] () -- C:\hiberfil.sys
    [2005/11/17 09:04:58 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2005/11/04 21:11:18 | 000,000,164 | ---- | M] () -- C:\LOGFILE.txt
    [2005/11/22 19:17:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2005/11/04 20:54:08 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/07/16 15:26:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/09/12 23:14:32 | 390,070,272 | -HS- | M] () -- C:\pagefile.sys
    [2005/11/04 20:49:36 | 000,001,515 | ---- | M] () -- C:\SYSLEVEL.IBM
    [2005/11/04 20:48:32 | 000,000,044 | ---- | M] () -- C:\TCPACHIP.LOG
    [2005/11/23 01:14:01 | 027,262,976 | ---- | M] () -- C:\VIRTPART.DAT

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2003/02/21 18:29:04 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2002/10/10 22:07:40 | 000,055,408 | ---- | M] () -- C:\WINDOWS\1024 x 768 IBM Americas Map.jpg

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2007/07/08 01:07:47 | 018,164,640 | ---- | M] () -- C:\Program Files\aaw2007.exe
    [2006/01/24 23:24:05 | 055,802,291 | ---- | M] () -- C:\Program Files\ArcticDemos.zip
    [2003/05/21 19:37:56 | 000,543,232 | ---- | M] (Joshua F. Madison) -- C:\Program Files\Convert.exe
    [2006/08/14 01:44:56 | 005,474,648 | ---- | M] () -- C:\Program Files\easyradio1.4estversion.exe
    [2007/04/07 22:50:34 | 015,505,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
    [2009/06/03 22:09:39 | 007,514,964 | ---- | M] () -- C:\Program Files\MP3MusicEditor.zip
    [2007/07/07 1845 | 008,429,056 | ---- | M] () -- C:\Program Files\Nero.Mega.Plugin.Pack.msi
    [2006/01/20 21:46:33 | 006,717,292 | ---- | M] (KL ) -- C:\Program Files\realalt146.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2003/02/21 18:18:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2003/02/21 18:18:08 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2003/02/21 18:18:08 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/07/16 15:36:11 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/11/17 09:05:19 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/05/02 14:46:26 | 000,000,153 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Wizard of Wishaw.url

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/07 10:12:56 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
    [2006/02/24 00:43:36 | 011,817,800 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Nick\Desktop\GoogleEarth.exe
    [2010/09/07 10:42:36 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nick\Desktop\mbam-setup-1.46.exe
    [2010/09/07 11:57:29 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
    [2010/09/07 12:03:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
    [2010/09/07 10:18:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\TFC.exe
    [2010/09/07 11:30:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\vsr893uo.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2008/07/31 15:25:33 | 019,153,264 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\aaw2008.exe
    [2009/05/19 15:10:33 | 054,364,552 | ---- | M] (Online Media Technologies Ltd. ) -- C:\Documents and Settings\Nick\My Documents\AVSVideoConverter.exe
    [2009/09/17 15:58:11 | 006,709,566 | ---- | M] (FreeDownloadManager.ORG ) -- C:\Documents and Settings\Nick\My Documents\fdminst3.exe
    [2010/02/27 15:25:00 | 084,610,904 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Nick\My Documents\NIS10UPEN.exe
    [2010/06/08 20:09:34 | 002,678,784 | -HS- | M] () -- C:\Documents and Settings\Nick\My Documents\OyG05e_save2pc.exe
    [2007/01/04 00:01:32 | 019,666,504 | ---- | M] (Apple Computer, Inc.) -- C:\Documents and Settings\Nick\My Documents\QuickTimeInstaller.exe
    [2007/03/23 01:35:11 | 025,755,448 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Nick\My Documents\wmp11-windowsxp-x86-enu.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/11/17 09:05:18 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Nick\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/09/13 12:17:21 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Nick\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/02/22 17:31:10 | 000,487,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/08/20 21:32:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 21:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 21:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 15:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/21 00:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/08/21 05:29:48 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/08/21 05:30:06 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/08/21 05:30:06 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 21:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 20:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [2002/08/14 15:03:38 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < >

    < Read more: http://www.d-a-l.com/help/spyware-ad...#ixzz0zPJpFfVl >
    Invalid Switch: 68933-read-first-important-instructions-updated.html#ixzz0zPJpFfVl

    < End of report >

    Final OTL will be in next post. Thanks.

  3. #3
    Whoosh is offline Junior Member
    Hi Broni,

    Final log is below.

    OTL Extras

    I ran OTL twice but both times it only opened one notepad. However, I ran OTL last week on my laptop, as a dry run before starting on my desk. I wanted to feel confident before starting on my main machine to be honest... and at that time it did give me an extras file which is below. Sorry once again if I messed up!

    OTL Extras logfile created on: 07/09/2010 12:22:59 - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Nick\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    758.00 Mb Total Physical Memory | 328.00 Mb Available Physical Memory | 43.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
    Paging file location(s): C:\pagefile.sys 372 744 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 32.75 Gb Total Space | 6.65 Gb Free Space | 20.29% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LAPTOP
    Current User Name: Nick
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
    Directory [File Finder...] -- C:\Program Files\VCOM\PowerDesk\pdfind.exe /PATH:%1 (V Communications, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    AntiVirusDisableNotify = 0
    FirewallDisableNotify = 0
    UpdatesDisableNotify = 0
    AntiVirusOverride = 0
    FirewallOverride = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    DisableMonitoring = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    DisableMonitoring = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    DisableMonitoring = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    139:TCP = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    445:TCP = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    137:UDP = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    138:UDP = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    EnableFirewall = 0
    DoNotAllowExceptions = 0
    DisableNotifications = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    1900:UDP = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    2869:TCP = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    139:TCP = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    445:TCP = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    137:UDP = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    138:UDP = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    %ProgramFiles%\IBM\Updater\jre\bin\javaw.exe = %ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher -- (IBM)
    %ProgramFiles%\IBM\Updater\jre\bin\java.exe = %ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher -- (IBM)
    C:\Program Files\IBM\Updater\jre\bin\java.exe = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:Java launcher -- (IBM)
    C:\Program Files\IBM\Updater\jre\bin\javaw.exe = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
    C:\Program Files\IBM\Updater\ucsmb.exe = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:UC Tray Icon -- (IBM Corporation, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    %ProgramFiles%\IBM\Updater\jre\bin\javaw.exe = %ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher -- (IBM)
    %ProgramFiles%\IBM\Updater\jre\bin\java.exe = %ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher -- (IBM)
    C:\Program Files\IBM\Updater\jre\bin\java.exe = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:Java launcher -- (IBM)
    C:\Program Files\IBM\Updater\jre\bin\javaw.exe = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher -- (IBM)
    C:\Program Files\IBM\Updater\ucsmb.exe = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:UC Tray Icon -- (IBM Corporation, Inc.)
    C:\Program Files\Media Player Classic\mplayerc.exe = C:\Program Files\Media Player Classic\mplayerc.exe:*:Disabled:Media Player Classic -- (Gabest)
    C:\Documents and Settings\Nick\Local Settings\Temp\WZSE0.TMP\SymNRT.exe = C:\Documents and Settings\Nick\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    {00030409-78E1-11D2-B60F-006097C998E7} = Microsoft Office 2000 Small Business
    {09DA4F91-2A09-4232-AB8C-6BC740096DE3} = Sonic Update Manager
    {1007F41F-7D69-468E-8017-3849A5A973C2} = IBM ThinkVantage Technologies Welcome Message
    {11783F13-C3A9-44A8-929B-21A476F65272} = IBM Rescue and Recovery with Rapid Restore
    {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} = IBM DLA
    {16906D21-0656-4F8B-9A01-C3D24B5401FC} = Intel(R) PROSet for Wired Connections
    {18D10072035C4515918F7E37EAFAACFC} = AutoUpdate
    {1F7CCFA3-D926-4882-B2A5-A0217ED25597} = PC-Doctor for Windows
    {2111B23F-7FDA-4A41-8309-E5A1663CA296} = ThinkPad Keyboard Customizer Utility
    {22B71A00-4DED-11D4-A5E5-0004AC564F43} = IBM Access Connections
    {23FB368F-1399-4EAC-817C-4B83ECBE3D83} = mProSafe
    {26A24AE4-039D-4CA4-87B4-2F83216020FF} = Java(TM) 6 Update 21
    {28DA872A-0848-48CF-B749-19A198157A2A} = mDriver
    {2FCE4FC5-6930-40E7-A4F1-F862207424EF} = InterVideo WinDVD Creator
    {338F08AB-C262-42C7-B000-34DE1A475273} = Ad-Aware Email Scanner for Outlook
    {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} = WebFldrs XP
    {38A0BB97-772D-422E-BCCA-4BA2A5D81F42} = ACDSee 6.0 PowerPack
    {3DE5E7D4-7B88-403C-A3FD-2017A8240C5B} = Google Earth
    {49600445-A05F-4933-831B-65422FAFD060} = GTs Betting Calculator 3.01
    {4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
    {55FA89BD-21D3-42F7-9249-C94C0094A83C} = Apple Software Update
    {60A86035-3EAD-401C-8C8F-5CB46977320F} = QuickSnooker
    {62B002C5-1AB3-11D8-8092-00E018B21FC0} = USB Mass Storage Toolbox
    {63569CE9-FA00-469C-AF5C-E5D4D93ACF91} = Windows Genuine Advantage v1.3.0254.0
    {6811CAA0-BF12-11D4-9EA1-0050BAE317E1} = MSIDVD
    {6C72E14A-C1F3-45E5-8810-83CE3C19ED63} = IBM 32-bit Runtime Environment for Java 2, v1.4.1
    {6CE96A14-61E2-48CC-837E-22710A953ADE} = IBM Themes
    {6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A} = mCore
    {7299052b-02a4-4627-81f2-1818da5d550d} = Microsoft Visual C++ 2005 Redistributable
    {770657D0-A123-3C07-8E44-1C83EC895118} = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    {7B63B2922B174135AFC0E1377DD81EC2} = DivX Pro Trial
    {8A708DD8-A5E6-11D4-A706-000629E95E20} = Intel(R) Extreme Graphics 2 Driver
    {8ADFC4160D694100B5B8A22DE9DCABD9} = DivX Player
    {8B928BA1-EDEC-4227-A2DA-DD83026C36F5} = mPfMgr
    {8D815BF3-2399-459C-B121-49373FEFB9E8} = IBM Update Connector
    {91810AFC-A4F8-4EBA-A5AA-B198BBC81144} = InterVideo WinDVD
    {9541FED0-327F-4DF0-8B96-EF57EF622F19} = IBM RecordNow!
    {9CC89556-3578-48DD-8408-04E66EBEF401} = mXML
    {AC76BA86-7AD7-1033-7B44-A82000000003} = Adobe Reader 8.2.4
    {C4868E88-F5B5-4E45-9592-C7062BD97441} = Symantec Technical Support Web Controls
    {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} = Microsoft .NET Framework 1.1
    {D41FAAA9-8048-4906-86B2-9AADEA1FA0B7} = SpeedTouch USB Software
    {DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} = Ad-Aware
    {EA664480-3844-11D5-8C25-444553540000} = TrackPoint Accessibility Features
    {EC6AF20D-4376-4070-BEE4-D3A0DFF7E140} = Access IBM
    {F07B861C-72B9-40A4-8B1A-AAED4C06A7E8} = QuickTime
    {F0A37341-D692-11D4-A984-009027EC0A9C} = SoundMAX
    {F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} = mMHouse
    {F333A33D-125C-32A2-8DCE-5C5D14231E27} = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    {F386C340-DF4B-4BBA-9503-420FB7EDB395} = Wallpapers
    {F413B3A4-EE5D-457C-BAE5-6E58D9589ED5} = Access IBM Message Center
    {FC081D4D-DF1B-4CF1-B530-027E4118D846} = ThinkPad Configuration
    {FC18317E-BB91-4502-8909-E5AB70BC1033} = Nero 7 Essentials
    {FC561DD3-E864-41B1-8F48-3EC3DACBDB2D} = Digimax A4
    {FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} = mWlsSafe
    AC3Filter = AC3Filter (remove only)
    Ad-Aware = Ad-Aware
    Adobe Flash Player ActiveX = Adobe Flash Player 10 ActiveX
    Adobe SVG Viewer = Adobe SVG Viewer 3.0
    ALZip_is1 = ALZip
    ArbSurfer_is1 = ArbSurfer 1.0
    AVS4YOU Software Navigator_is1 = AVS4YOU Software Navigator 1.2
    AVS4YOU Video Converter 6_is1 = AVS Video Converter 6
    CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014 = IBM Integrated 56K Modem
    CoreVorbis Audio Decoder = CoreVorbis Audio Decoder (remove only)
    Easy Radio 1.4 = Easy Radio 1.4
    EasyEject Utility = IBM ThinkPad EasyEject Utility
    ERUNT_is1 = ERUNT 1.1j
    ExtractNow_is1 = ExtractNow
    ffdshow = ffdshow (remove only)
    FLAC = FLAC Installer 1.1.2a (remove only)
    Free Download Manager_is1 = Free Download Manager 3.0
    Free Videos To DVD_is1 = Free Videos To DVD V2.1
    GSplit3Set = GSplit 3
    IDNMitigationAPIs = Microsoft Internationalized Domain Names Mitigation APIs
    ie7 = Windows Internet Explorer 7
    ie8 = Windows Internet Explorer 8
    InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} = IBM 32-bit Runtime Environment for Java 2, v1.4.1
    Macromedia Shockwave Player = Macromedia Shockwave Player
    Malwarebytes' Anti-Malware_is1 = Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1 (1033) = Microsoft .NET Framework 1.1
    mmswitch = Morgan Stream Switcher
    MSCompPackV1 = Microsoft Compression Client Pack 1.0 for Windows XP
    Myspace Video Downloader_is1 = Myspace Video Downloader 3.16
    NIS = Norton Internet Security
    NLSDownlevelMapping = Microsoft National Language Support Downlevel APIs
    OggDS = Direct Show Ogg Vorbis Filter (remove only)
    Paint Shop Pro 4.15 = Paint Shop Pro 4.15 SE
    Power Features = IBM ThinkPad Battery MaxiMiser and Power Management Features
    Power Management Driver = IBM ThinkPad Power Management Driver
    PowerDesk5.0 = PowerDesk 5.0
    Presentation Director = IBM ThinkPad Presentation Director
    ProInst = Intel(R) PROSet/Wireless Software
    PROSet = Intel(R) PRO Network Adapters and Drivers
    RAR Recovery Toolbox_is1 = RAR Recovery Toolbox 1.1
    RealAlt_is1 = Real Alternative 1.46
    Safe Cracker 2.1 = Safe Cracker 2.1
    Software Informer_is1 = Software Informer 1.0 BETA
    ThinkPad FullScreen Magnifier = ThinkPad FullScreen Magnifier
    ThinkPadSoftwareInstaller = Software Installer
    TrackPoint = ThinkPad TrackPoint Driver
    Winamp = Winamp (remove only)
    Windows Media Format Runtime = Windows Media Format 11 runtime
    Windows Media Player = Windows Media Player 11
    Windows XP Service Pack = Windows XP Service Pack 3
    WinRAR archiver = WinRAR archiver
    WMFDist11 = Windows Media Format 11 runtime
    wmp11 = Windows Media Player 11
    Wudf01000 = Microsoft User-Mode Driver Framework Feature Pack 1.0
    XviD_is1 = XviD MPEG-4 Video Codec
    YInstHelper = Yahoo! Install Manager

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 22/08/2010 17:09:00 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 22/08/2010 17:09:52 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 22/08/2010 17:10:23 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 22/08/2010 17:11:04 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 01/09/2010 09:33:51 | Computer Name = LAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 01/09/2010 09:33:59 | Computer Name = LAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
    Description =

    Error - 03/09/2010 15:06:40 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 8.2.3.231, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 03/09/2010 15:07:49 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 8.2.3.231, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 03/09/2010 15:08:10 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 8.2.3.231, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 03/09/2010 15:08:16 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application AcroRd32.exe, version 8.2.3.231, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 07/09/2010 05:19:57 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
    Description = The IBM PM Service service terminated unexpectedly. It has done this
    1 time(s).

    Error - 07/09/2010 05:19:57 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
    Description = The EvtEng service terminated unexpectedly. It has done this 1 time(s).

    Error - 07/09/2010 05:19:57 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Spectrum24 Event Monitor service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 07/09/2010 05:20:00 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
    Description = The IBM Rapid Restore Ultra Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 07/09/2010 05:20:00 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 07/09/2010 05:20:02 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
    Description = The QCONSVC service terminated unexpectedly. It has done this 1 time(s).

    Error - 07/09/2010 05:20:02 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
    Description = The RegSrvc service terminated unexpectedly. It has done this 1 time(s).

    Error - 07/09/2010 05:20:03 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
    Description = The SoundMAX Agent Service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 07/09/2010 05:20:03 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034
    Description = The IBM KCU Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 07/09/2010 05:20:06 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7031
    Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 5000
    milliseconds: Restart the service.


    < End of report >

    As always thanks for your help.

  4. #4
    broni is offline Senior Member
    Your MBR doesn't look good...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive opens, simply close it again.
    • Follow the prompts to burn the CD.

    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.

    Once rebooted, run MBRCheck again and post its log.

  5. #5
    Whoosh is offline Junior Member
    Hi Broni,

    Nothing but trouble me... thanks once again for your incredible kindness.

    All seemed to go ok, here is the MBRCheck below.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 161):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7CCB000 \WINDOWS\system32\KDCOM.DLL
    0xF7BDB000 \WINDOWS\system32\BOOTVID.dll
    0xF777C000 ACPI.sys
    0xF7CCD000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF776B000 pci.sys
    0xF77CB000 isapnp.sys
    0xF7BDF000 compbatt.sys
    0xF7BE3000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF7D93000 pciide.sys
    0xF7A4B000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF774D000 pcmcia.sys
    0xF77DB000 MountMgr.sys
    0xF772E000 ftdisk.sys
    0xF7BE7000 ACPIEC.sys
    0xF7D94000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
    0xF7A53000 PartMgr.sys
    0xF77EB000 VolSnap.sys
    0xF7716000 atapi.sys
    0xF77FB000 disk.sys
    0xF780B000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF76F6000 fltmgr.sys
    0xF76A0000 SYMDS.SYS
    0xF768E000 sr.sys
    0xF781B000 Lbd.sys
    0xF7661000 SYMEFA.SYS
    0xF7A5B000 PxHelp20.sys
    0xF764C000 drvmcdb.sys
    0xF7635000 KSecDD.sys
    0xF7622000 WudfPf.sys
    0xF7595000 Ntfs.sys
    0xF7568000 NDIS.sys
    0xF754E000 Mup.sys
    0xF786B000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF7444000 \SystemRoot\System32\DRIVERS\ialmnt5.sys
    0xF7430000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF7B5B000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF740C000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF7B63000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xF70F1000 \SystemRoot\system32\DRIVERS\w29n51.sys
    0xF70CD000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xF787B000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF7B6B000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF7C8F000 \SystemRoot\System32\DRIVERS\tp4track.sys
    0xF7B73000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF70B9000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF7C93000 \SystemRoot\System32\DRIVERS\CmBatt.sys
    0xF7B7B000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
    0xF788B000 \SystemRoot\System32\DRIVERS\imapi.sys
    0xF7C97000 \SystemRoot\system32\drivers\pfc.sys
    0xF7D09000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xF789B000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF78AB000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF7096000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF7054000 \SystemRoot\system32\drivers\smwdm.sys
    0xF7030000 \SystemRoot\system32\drivers\portcls.sys
    0xF78BB000 \SystemRoot\system32\drivers\drmk.sys
    0xF7014000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF6FE3000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    0xF6ECA000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF6E24000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF7B83000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7ED7000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF78CB000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF7C9F000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF6E0D000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF78DB000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF78EB000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7B8B000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF6DFC000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF78FB000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF7B9B000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF7BA3000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF794B000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF7D0B000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF64C5000 \SystemRoot\System32\DRIVERS\update.sys
    0xF7CB3000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF795B000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF797B000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF7D0D000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF74F5000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xEE373000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
    0xF7C63000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF799B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7BC3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7C6B000 \SystemRoot\System32\DRIVERS\mouhid.sys
    0xEE354000 \SystemRoot\system32\drivers\NIS\1107000.00C\Ironx86.SYS
    0xF79DB000 \SystemRoot\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
    0xEE208000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100913.048\NAVEX15.SYS
    0xEE1E3000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xEE1CF000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100913.048\NAVENG.SYS
    0xF7D8D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7E0D000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7D8F000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7AE3000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF7AEB000 \SystemRoot\System32\drivers\vga.sys
    0xF7D91000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7CCF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7AF3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7AFB000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7C73000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xEE19C000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xEE143000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xEE0C4000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
    0xEE09E000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF7A0B000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xEE049000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100910.001\IDSxpx86.sys
    0xEE021000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xEDFFF000 \SystemRoot\System32\drivers\afd.sys
    0xF7A1B000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF7B0B000 \SystemRoot\System32\drivers\TSMAPIP.SYS
    0xF7B13000 \SystemRoot\System32\drivers\Tppwr.sys
    0xF6DF8000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xF7B23000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xF7B2B000 \SystemRoot\System32\drivers\Smapint.sys
    0xEDFB4000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xEDF44000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF7E55000 \SystemRoot\System32\drivers\IBMBLDID.SYS
    0xF784B000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEDEE6000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xEDEC9000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xEDE4A000 \SystemRoot\system32\drivers\NIS\1107000.00C\ccHPx86.sys
    0xEDD9E000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx86.sys
    0xF6DE8000 \SystemRoot\System32\drivers\ANC.SYS
    0xF792B000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEDD5E000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7CE1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF64AD000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7B43000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7DD2000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF03E000 \SystemRoot\System32\ialmdev5.DLL
    0xBF063000 \SystemRoot\System32\ialmdd5.DLL
    0xF79EB000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF7E0B000 \SystemRoot\system32\dla\tfsndres.sys
    0xEDC08000 \SystemRoot\system32\dla\tfsnifs.sys
    0xEDCA6000 \SystemRoot\system32\dla\tfsnopio.sys
    0xF7D3F000 \SystemRoot\system32\dla\tfsnpool.sys
    0xF7BB3000 \SystemRoot\system32\dla\tfsnboio.sys
    0xF785B000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7E6C000 \SystemRoot\system32\dla\tfsndrct.sys
    0xEDB27000 \SystemRoot\system32\dla\tfsnudf.sys
    0xEDB0E000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xEDB44000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xEDAFE000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xEDACA000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xED7B1000 \SystemRoot\system32\drivers\wdmaud.sys
    0xED946000 \SystemRoot\system32\drivers\sysaudio.sys
    0xED63E000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xED8AE000 \SystemRoot\System32\Drivers\Aspi32.SYS
    0xEDCBE000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
    0xED88E000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xED51F000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF7D15000 \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
    0xECF16000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7DE4000 \??\C:\WINDOWS\GATHER.KM
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 59):
    0 System Idle Process
    4 System
    768 C:\WINDOWS\system32\smss.exe
    824 csrss.exe
    848 C:\WINDOWS\system32\winlogon.exe
    892 C:\WINDOWS\system32\services.exe
    904 C:\WINDOWS\system32\lsass.exe
    1088 C:\WINDOWS\system32\ibmpmsvc.exe
    1148 C:\WINDOWS\system32\svchost.exe
    1216 svchost.exe
    1360 C:\WINDOWS\system32\svchost.exe
    1408 C:\WINDOWS\system32\svchost.exe
    1568 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1660 C:\WINDOWS\explorer.exe
    1668 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1800 svchost.exe
    1912 svchost.exe
    336 C:\WINDOWS\system32\spoolsv.exe
    1168 svchost.exe
    1280 C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    1308 C:\Program Files\Java\jre6\bin\jqs.exe
    1336 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    2016 C:\WINDOWS\system32\QCONSVC.EXE
    136 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    196 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    204 C:\WINDOWS\system32\svchost.exe
    232 C:\WINDOWS\system32\TpKmpSvc.exe
    1480 C:\WINDOWS\system32\wuauclt.exe
    2300 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
    2316 alg.exe
    2580 C:\WINDOWS\system32\tp4serv.exe
    2604 C:\WINDOWS\system32\igfxtray.exe
    2844 C:\WINDOWS\system32\hkcmd.exe
    2940 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    3092 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    3108 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    3128 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    3176 C:\Program Files\IBM\Updater\jre\bin\javaw.exe
    3184 C:\WINDOWS\system32\dla\tfswctrl.exe
    3256 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    3264 C:\IBMTOOLS\utils\ibmprc.exe
    3368 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    3392 C:\WINDOWS\system32\rundll32.exe
    3432 C:\WINDOWS\system32\rundll32.exe
    3656 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    3664 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
    4020 C:\Program Files\Winamp\winampa.exe
    4060 C:\Program Files\QuickTime\qttask.exe
    440 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
    528 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    628 C:\WINDOWS\system32\svchost.exe
    812 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    596 C:\Program Files\Messenger\msmsgs.exe
    1276 C:\WINDOWS\system32\ctfmon.exe
    1344 C:\Program Files\Free Download Manager\fdm.exe
    1416 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    2060 C:\Program Files\Digital Line Detect\DLG.exe
    3604 C:\Program Files\IBM\Updater\ucgather.exe
    3784 C:\Documents and Settings\Nick\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS541040G9AT00, Rev: MB2IA60A

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    Take Care.

  6. #6
    broni is offline Senior Member
    Looks good

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  7. #7
    Whoosh is offline Junior Member
    Hi Broni,

    Thanks once again for your kindness.

    Please find enclosed the ComboFix log as requested.

    ComboFix 10-09-14.04 - Nick 15/09/2010 13:36:16.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.758.279 [GMT 1:00]
    Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\pwdmon.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-15 to 2010-09-15 )))))))))))))))))))))))))))))))
    .

    2010-09-07 09:44 . 2010-09-07 09:44 -------- d-----w- c:\documents and settings\Nick\Application Data\Malwarebytes
    2010-09-07 09:43 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-07 09:43 . 2010-09-07 09:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-07 09:43 . 2010-09-07 09:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-07 09:43 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-07 09:15 . 2010-09-07 09:15 -------- d-----w- c:\program files\ERUNT
    2010-08-22 17:21 . 2010-08-22 17:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-17 13:17 . 2010-08-17 13:17 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-15 12:48 . 2007-07-10 20:25 -------- d-----w- c:\documents and settings\Nick\Application Data\Free Download Manager
    2010-09-15 12:20 . 2009-09-17 15:01 -------- d-----w- c:\documents and settings\Nick\Application Data\Software Informer
    2010-09-14 10:10 . 2005-11-17 08:04 15672 ----a-w- c:\documents and settings\Nick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-17 13:17 . 1980-01-01 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-06 00:34 . 2010-08-06 00:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-05 20:46 . 2010-08-05 20:46 -------- d-----w- c:\program files\Common Files\Java
    2010-08-05 20:46 . 2010-08-05 20:46 503808 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b9f8038-n\msvcp71.dll
    2010-08-05 20:46 . 2010-08-05 20:46 499712 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b9f8038-n\jmc.dll
    2010-08-05 20:46 . 2010-08-05 20:46 348160 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3b9f8038-n\msvcr71.dll
    2010-08-05 20:46 . 2010-08-05 20:46 61440 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6681b181-n\decora-sse.dll
    2010-08-05 20:46 . 2010-08-05 20:46 12800 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6681b181-n\decora-d3d.dll
    2010-08-05 20:45 . 2009-05-10 17:08 -------- d-----w- c:\program files\Java
    2010-07-22 15:49 . 1980-01-01 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2009-04-16 20:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-07-17 04:00 . 2010-04-22 09:01 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-12 08:56 . 2010-08-06 00:34 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
    2010-07-12 08:55 . 2010-08-06 00:37 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-07-12 08:55 . 2010-04-01 20:35 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-06-30 12:31 . 1980-01-01 08:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 1980-01-01 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 1980-01-01 08:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 1980-01-01 08:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-18 17:45 . 1980-01-01 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2010-06-17 14:03 . 1980-01-01 08:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2009-06-03 21:09 . 2009-06-03 21:09 7514964 ----a-w- c:\program files\MP3MusicEditor.zip
    2007-07-08 00:07 . 2007-07-08 00:07 18164640 ----a-w- c:\program files\aaw2007.exe
    2007-07-07 17:21 . 2007-07-07 17:21 8429056 ----a-w- c:\program files\Nero.Mega.Plugin.Pack.msi
    2007-04-07 21:50 . 2007-04-07 21:50 15505200 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
    2006-08-14 00:44 . 2006-08-14 00:44 5474648 ----a-w- c:\program files\easyradio1.4estversion.exe
    2006-01-24 22:24 . 2006-01-24 22:24 55802291 ----a-w- c:\program files\ArcticDemos.zip
    2006-01-20 20:46 . 2006-01-20 20:46 6717292 ----a-w- c:\program files\realalt146.exe
    2003-05-21 18:37 . 2005-11-23 16:24 543232 ----a-w- c:\program files\Convert.exe
    2006-09-01 21:08 . 2006-09-01 21:08 56 --sh--r- c:\windows\system32\2606A43A81.sys
    2006-09-01 21:08 . 2006-09-01 21:08 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 442368]
    "Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
    "Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-09-17 1933381]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2009-03-08 638816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
    "TrackPointSrv"="tp4serv.exe" [2005-07-13 94208]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-08-23 864256]
    "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-04 94208]
    "TP4EX"="tp4ex.exe" [2005-08-24 40960]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
    "UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-06-25 36864]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
    "ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-07-22 442368]
    "IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
    "QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
    "BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-20 110592]
    "BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-20 20480]
    "BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-20 396288]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-20 208896]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
    "PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2003-08-06 86016]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "SymLnch"="c:\documents and settings\Nick\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Support\SymLnch\SymLnch.exe" [2007-08-27 687976]

    c:\documents and settings\Nick\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-4 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
    2005-03-18 11:07 262144 ----a-w- c:\windows\system32\QConGina.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2004-08-13 04:11 24576 ----a-w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
    "%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
    "c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Media Player Classic\\mplayerc.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/08/2010 01:37 64288]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [02/06/2010 05:43 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [02/06/2010 05:43 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100901.003\BHDrvx86.sys [14/09/2010 08:51 692272]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [02/06/2010 05:43 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [02/06/2010 05:43 116784]
    R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [04/11/2005 21:28 16384]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [02/06/2010 05:42 126392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [03/06/2010 20:36 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100910.001\IDSXpx86.sys [14/09/2010 08:52 331640]
    R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [01/01/1980 09:00 13840]
    S3 EraserUtilDrv10633;EraserUtilDrv10633;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10633.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10633.sys [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 09:55 1355928]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [19/08/2010 01:02 15008]
    S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [04/11/2005 21:26 12288]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 18:00]

    2010-08-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

    2005-11-24 c:\windows\Tasks\BMMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2005-11-04 01:38]

    2010-09-06 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Nick.job
    - c:\program files\Norton Internet Security\Engine\17.7.0.12\navw32.exe [2010-06-02 05:34]

    2010-09-15 c:\windows\Tasks\User_Feed_Synchronization-{3DDD59D2-7E99-4B23-BD0B-883C816984FF}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-fsm - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-09-15 13:54
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3728285452-2648404278-1276285051-1006\Software\Microsoft\SystemCertificates\Address Book*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(836)
    c:\windows\system32\tphklock.dll

    - - - - - - - > 'explorer.exe'(3320)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\ibmpmsvc.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\System32\QCONSVC.EXE
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\windows\system32\TpKmpSVC.exe
    c:\windows\system32\tp4serv.exe
    c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    c:\windows\system32\RunDll32.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-15 14:01:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-15 13:01

    Pre-Run: 5,883,580,416 bytes free
    Post-Run: 6,234,570,752 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect

    - - End Of File - - 473DFBD9C104F9D0BEAB7B8628D88D43

    Thanks Again!

  8. #8
    broni is offline Senior Member
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\2606A43A81.sys
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "<NO NAME>"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
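
An added example, not part of broni's post or of ComboFix: a small Python check that reads regedit-style sections like those in the posted log and reports the `DisableMonitoring` values the script above deletes, plus the `EnableFirewall` = 0 line from the same log. The sample lines are constructed in the log's shape, and the function names are assumptions of this example.

```python
import re

# Constructed sample in the shape of a ComboFix "Reg Loading Points" section,
# including the stray space a forum inserts into long key names.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')

def parse_sections(log):
    """Return {registry key: {value name: raw data}} for regedit-style sections."""
    sections, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = sections.setdefault(key.group(1), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group(1)] = value.group(2).strip()
    return sections

def as_int(raw):
    """Decode 'dword:00000001' or '0 (0x0)'; return None for non-numeric data."""
    m = re.match(r"dword:([0-9a-fA-F]{1,8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\b", raw)
    return int(m.group(1)) if m else None

def security_findings(log):
    """List (key, name, number) where protection monitoring or the firewall is off."""
    findings = []
    for key, values in parse_sections(log).items():
        norm = key.lower().replace(" ", "")  # tolerate forum-inserted spaces
        for name, raw in values.items():
            num = as_int(raw)
            if "securitycenter\\monitoring" in norm and name == "DisableMonitoring" and num:
                findings.append((key, name, num))
            elif "firewallpolicy" in norm and name == "EnableFirewall" and num == 0:
                findings.append((key, name, num))
    return findings
```

A third-party security suite that manages its own firewall can set these values legitimately, so a hit is a prompt to confirm that product is installed and running, not proof of tampering.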

  9. #9
    Whoosh is offline Junior Member
    Hi Broni,

    I hope you are well! Unfortunately I had a problem when trying to run ComboFix, and received the following message.

    !!ALERT!! It is NOT SAFE to continue!

    The contents of the Combofix has been compromised.

    Please download a fresh copy from:

    http://www.bleepingcomputer.com/comb...o-use-Combofix

    Note:You may be infected with a file patching virus 'Virut'.


    I decided to ask you first before doing anything else! I thought that would be the safest option.

    Thanks once again!

  10. #10
    broni is offline Senior Member
    Delete your Combofix file, download fresh one and try to run my fix again.
