
Solved Win32 bug and general malaise in WinXP

Discussion in 'Malware and Virus Removal Archive' started by PCPom, 2010/08/06.

  1. 2010/08/06
    PCPom

    PCPom Inactive Thread Starter

    [Resolved] Win32 bug and general malaise in WinXP

    Hi

    My laptop seems to have picked up an annoying Win32 bug that's causing access and running problems. In addition, I've noticed of late that it's running slow, and I've just rid myself (I hope) of one of those AV Security bugs. Anyway, any help, pointers and the like are most welcome. Thanks in advance.

    DDS logs below - these were run in Safe Mode as the laptop was having one of its 'moments' and wouldn't access IE...

    DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
    Run by Administrator at 22:30:22.90 on Fri 08/06/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.350 [GMT 10:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ATIModeChange] Ati2mdxx.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QCTRAY] c:\program files\thinkpad\connectutilities\QCTRAY.EXE
    mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
    mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
    mRun: [TPTRAY] c:\progra~1\thinkpad\utilit~1\TP98TRAY.EXE
    mRun: [TP4EX] tp4ex.exe
    mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
    mRun: [NPDTray] c:\progra~1\thinkpad\utilit~1\NPDTray.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Tgcmd] "c:\program files\support.com\bin\tgcmd.exe /server "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe "
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
    mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    dRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 6\PcSync2.exe" /NoDialog
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://webvpn.au.aecom.com/+CSCOL+/relayp.cab
    DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281092211999
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [1980-1-1 88064]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-4-24 165456]
    S1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2006-1-13 12288]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-24 17744]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-11 40384]
    S2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-11-13 110592]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-11 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-11 40384]
    S3 netnnpcc;Navini Networks PCMCIA Adapter;c:\windows\system32\drivers\netnnpcc.sys [2007-2-22 7555]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-5-5 11520]

    =============== Created Last 30 ================

    2010-08-06 12:05:32 0 d-----w- c:\program files\Perfect Optimizer
    2010-08-04 10:48:40 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
    2010-08-04 10:47:17 0 d-sh--w- c:\documents and settings\administrator\IETldCache
    2010-07-15 11:22:32 0 ----a-w- c:\windows\Jvawalocupuwowo.bin
    2010-07-15 11:22:29 120 ----a-w- c:\windows\Npaha.dat
    2010-07-12 11:57:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-12 11:57:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-07-12 11:57:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-12 11:57:24 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-12 11:48:27 1324 ----a-w- c:\windows\system32\d3d9caps.dat

    ==================== Find3M ====================

    2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
    2008-10-24 23:30:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102520081026\index.dat

    ============= FINISH: 22:32:28.74 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/13/2006 9:08:43 AM
    System Uptime: 8/6/2010 10:27:12 PM (0 hours ago)

    Motherboard: IBM | | 2366CH1
    Processor: Mobile Intel(R) Pentium(R) 4 - M CPU 1.80GHz | None | 1794/400mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 8.812 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP674: 6/14/2010 7:40:38 PM - System Checkpoint
    RP675: 6/15/2010 8:10:03 PM - System Checkpoint
    RP676: 6/16/2010 8:15:22 PM - System Checkpoint
    RP677: 6/17/2010 8:19:50 PM - System Checkpoint
    RP678: 6/18/2010 8:25:24 PM - System Checkpoint
    RP679: 6/21/2010 8:49:52 PM - System Checkpoint
    RP680: 6/22/2010 9:01:05 PM - System Checkpoint
    RP681: 6/23/2010 9:29:35 PM - System Checkpoint
    RP682: 6/23/2010 10:55:27 PM - Software Distribution Service 3.0
    RP683: 6/25/2010 7:32:56 PM - Software Distribution Service 3.0
    RP684: 6/28/2010 8:41:17 PM - System Checkpoint
    RP685: 6/30/2010 7:31:28 PM - System Checkpoint
    RP686: 8/6/2010 7:50:18 PM - System Checkpoint
    RP687: 8/6/2010 7:50:17 PM - System Checkpoint
    RP688: 8/6/2010 7:50:16 PM - System Checkpoint
    RP689: 8/6/2010 7:50:15 PM - System Checkpoint
    RP690: 8/6/2010 7:50:13 PM - System Checkpoint
    RP691: 8/6/2010 7:50:12 PM - System Checkpoint
    RP692: 8/6/2010 7:50:11 PM - Removed IKEA Home Planner
    RP693: 8/6/2010 7:49:57 PM - Removed SUPERAntiSpyware Free Edition
    RP694: 8/6/2010 7:49:35 PM - System Checkpoint
    RP695: 8/6/2010 7:49:30 PM - System Checkpoint
    RP696: 8/6/2010 7:49:24 PM - System Checkpoint
    RP697: 8/6/2010 7:49:15 PM - System Checkpoint
    RP698: 8/6/2010 7:49:12 PM - System Checkpoint
    RP699: 8/6/2010 7:49:09 PM - System Checkpoint
    RP700: 8/6/2010 7:49:06 PM - System Checkpoint
    RP701: 8/6/2010 7:49:04 PM - System Checkpoint
    RP702: 8/6/2010 7:47:39 PM - System Checkpoint
    RP703: 8/5/2010 6:44:34 PM - System Checkpoint
    RP704: 8/6/2010 9:59:25 PM - Restore Operation
    RP705: 8/6/2010 10:07:32 PM - Restore Operation

    ==== Installed Programs ======================

    Access ThinkPad
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Agere Systems AC'97 Modem
    Aironet Client Utility
    ArcSoft Camera Suite 1.3
    Askey ADSL Router USB Driver
    ATI Display Driver
    Audacity 1.2.4
    avast! Free Antivirus
    Camera Support Core Library
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Digital Camera Solution Disk 40-46 Software Starter Guide
    Canon MOV Decoder
    Canon MOV Encoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon Personal Printing Guide
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    Compatibility Pack for the 2007 Office system
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    IBM Access Connections
    IBM Rapid Restore PC Setup
    IBM ThinkPad Access Support
    IBM ThinkPad Battery MaxiMiser and Power Management Features
    IBM ThinkPad Configuration
    IBM ThinkPad EasyEject Utility
    IBM ThinkPad Power Management Driver
    IBM ThinkPad Presentation Director
    IBM ThinkPad UltraNav Driver
    IBM ThinkPad UltraNav Wizard
    IBM TrackPoint Accessibility Features
    IBM Update Connector
    Intel(R) PRO Ethernet Adapter and Software
    InterVideo WinDVD
    Java(TM) 6 Update 12
    LiveUpdate Notice (Symantec Corporation)
    Logitech Audio Echo Cancellation Component
    Logitech Desktop Messenger
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Panda ActiveScan
    PC Connectivity Solution
    PC Inspector File Recovery
    QuickTime
    RAW Image Task 1.1
    RealPlayer
    Recuva (remove only)
    RemoteCapture Task 1.0.3
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923689)
    Skype™ 4.1
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Support.com Software
    ThinkPad FullScreen Magnifier
    ThinkPad Software Installer
    UMVPLStandalone
    Uninstall PC-Doctor
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    VideoLAN VLC media player 0.8.6d
    WD SmartWare
    WebFldrs XP
    Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
    Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    8/6/2010 7:47:25 PM, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 00096B939111 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
    8/6/2010 10:29:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi eeCtrl Fips IBMTPCHK intelppm Smapint TDSMAPI TPHKDRV TPPWR
    8/6/2010 10:11:47 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
    8/5/2010 9:36:13 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    8/5/2010 8:55:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    8/5/2010 8:27:54 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
    8/5/2010 8:06:04 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
    8/5/2010 7:38:25 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
    8/5/2010 7:38:25 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL. Reference error message: The operation completed successfully. .
    8/5/2010 7:38:25 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
    8/5/2010 7:37:39 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL. Reference error message: The operation completed successfully. .
    8/5/2010 7:37:01 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL. Reference error message: The operation completed successfully. .
    8/5/2010 7:36:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WD SmartWare Background Service service to connect.
    8/5/2010 7:33:49 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    8/5/2010 7:33:49 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    8/5/2010 6:11:50 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/5/2010 6:11:48 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    8/4/2010 8:53:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/4/2010 8:53:38 PM, error: E100B [4] - Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down
    8/4/2010 8:46:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi AVG Anti-Spyware Driver Avg7Core Avg7RsW Avg7RsXP eeCtrl Fips IBMTPCHK intelppm Smapint TDSMAPI TPHKDRV TPPWR
    8/3/2010 7:13:49 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    7/31/2010 9:23:44 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/31/2010 2:04:38 PM, error: Dhcp [1002] - The IP address lease 10.1.1.2 for the Network Card with network address 00096B939111 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
  2. 2010/08/06
    broni

    broni Moderator Malware Analyst

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/08/06
    PCPom

    PCPom Inactive Thread Starter

    Thanks Broni - MBAM log first...

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4401

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/7/2010 1:45:39 PM
    mbam-log-2010-08-07 (13-45-39).txt

    Scan type: Quick scan
    Objects scanned: 143530
    Time elapsed: 21 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 8
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
    C:\Program Files\Perfect Optimizer\Backup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
    C:\Program Files\Perfect Optimizer\Backup\Application (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
    C:\Program Files\Perfect Optimizer\Backup\Registry (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
    C:\Program Files\Perfect Optimizer\Backup\Registry\FirstBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
    C:\Program Files\Perfect Optimizer\Backup\Registry\FullBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
    C:\Program Files\Perfect Optimizer\Backup\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
    C:\Program Files\Perfect Optimizer\Temp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\HJ28RKQ3\PerfectOptimizer[1].exe (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
    C:\Program Files\Perfect Optimizer\FreeUse.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
    C:\Program Files\Perfect Optimizer\PerfectOptimizer.ini (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
     
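The logs in this thread carry three traces a malware analyst would pick out by eye: two freshly created files with made-up names dropped directly into c:\windows (Jvawalocupuwowo.bin, Npaha.dat), a hosts entry pinning a security site to 127.0.0.1, and, in the GMER and MBRCheck output posted next, a driver (npan.sys) that is resident in kernel memory while GMER cannot find its file on disk. The script below is an added example that is not part of the thread nor of DDS, GMER, MBRCheck or Malwarebytes; it parses excerpts copied from these posts and applies the author's own heuristics to turn those eyeball checks into repeatable review items. The heuristics (a file created in the Windows root, a loopback hosts entry for a non-localhost name, a loaded driver GMER reports as missing) are assumptions of the example and produce items to review, not verdicts.

```python
"""Offline triage of the DDS / GMER / MBRCheck excerpts posted in this thread.

Added example, not part of the thread or of DDS, GMER, MBRCheck or
Malwarebytes. The log lines below are copied from the posts (the GMER and
MBRCheck lines from the post that follows); the heuristics are the example's
own assumptions and yield review items, not verdicts.
"""
import re

# Excerpt of the DDS "Created Last 30" section (copied from the first post).
DDS_CREATED = r"""
2010-08-06 12:05:32 0 d-----w- c:\program files\Perfect Optimizer
2010-07-15 11:22:32 0 ----a-w- c:\windows\Jvawalocupuwowo.bin
2010-07-15 11:22:29 120 ----a-w- c:\windows\Npaha.dat
2010-07-12 11:57:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-12 11:48:27 1324 ----a-w- c:\windows\system32\d3d9caps.dat
"""

# The hosts line from the DDS "Pseudo HJT Report" section.
DDS_HOSTS = "Hosts: 127.0.0.1 www.spywareinfo.com"

# Excerpt of the GMER "Kernel code sections" output.
GMER_KERNEL = r"""
? npan.sys The system cannot find the file specified. !
LCODE C:\WINDOWS\System32\DRIVERS\PCX504.sys entry point in "LCODE" section [0xF7B005F6]
"""

# Excerpt of the MBRCheck "Kernel Drivers" list.
MBRCHECK_DRIVERS = r"""
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0xF8636000 npan.sys
0xF85E7000 ACPI.sys
0xF8A1E000 \SystemRoot\System32\Drivers\Aavmker4.SYS
"""

# DDS line: "<date> <time> <size> <attrs> <path>"; attrs is 8 chars, 'd' first for dirs.
DDS_LINE = re.compile(r"^(\S+ \S+)\s+(\d+)\s+([d-][-a-z]{7})\s+(.+)$")
# A path whose parent directory is the Windows root itself (no deeper component).
WINDOWS_ROOT = re.compile(r"^c:\\windows\\[^\\]+$", re.IGNORECASE)


def parse_dds_created(text):
    """Yield (timestamp, size, attrs, path) for each 'Created Last 30' line."""
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(2)), m.group(3), m.group(4)


def files_dropped_in_windows_root(text):
    """Files (not directories) created directly under c:\\windows.

    Heuristic (assumption of this example): Windows itself creates almost
    nothing in its root after setup, so new .bin/.dat files with
    made-up names there are worth a look as a possible dropper trace."""
    return [path for _, _, attrs, path in parse_dds_created(text)
            if not attrs.startswith("d") and WINDOWS_ROOT.match(path)]


def hosts_loopback_entries(text):
    """Names that DDS 'Hosts:' lines pin to 127.0.0.1 or 0.0.0.0.

    Malware uses this to block security vendors, but hosts-based blockers
    (such as Spybot's hosts immunization) write the same pattern, so each
    name is a review item rather than an automatic verdict."""
    out = []
    for line in text.splitlines():
        m = re.match(r"^Hosts:\s+(127\.0\.0\.1|0\.0\.0\.0)\s+(\S+)", line.strip())
        if m and m.group(2).lower() not in ("localhost", "localhost.localdomain"):
            out.append(m.group(2))
    return out


def gmer_missing_drivers(text):
    """Driver names GMER marks with '?' because the backing file is absent."""
    out = []
    for line in text.splitlines():
        m = re.match(r"^\?\s+(\S+)\s+The system cannot find the file specified",
                     line.strip())
        if m:
            out.append(m.group(1).lower())
    return out


def mbrcheck_loaded_drivers(text):
    """Map driver basename (lower-case) -> load address from MBRCheck's list."""
    drivers = {}
    for line in text.splitlines():
        m = re.match(r"^(0x[0-9A-Fa-f]+)\s+(\S+)$", line.strip())
        if m:
            name = m.group(2).rsplit("\\", 1)[-1].lower()
            drivers[name] = int(m.group(1), 16)
    return drivers


def loaded_but_absent(gmer_text, mbr_text):
    """Drivers resident in kernel memory whose file GMER cannot find on disk:
    either the file was deleted after loading or it is hidden from the file
    system, and both deserve a closer look."""
    loaded = mbrcheck_loaded_drivers(mbr_text)
    return {n: loaded[n] for n in gmer_missing_drivers(gmer_text) if n in loaded}


def triage(dds_created, dds_hosts, gmer_kernel, mbr_drivers):
    """Run every check and return one dict of review items."""
    return {
        "windows_root_drops": files_dropped_in_windows_root(dds_created),
        "hosts_loopback": hosts_loopback_entries(dds_hosts),
        "loaded_but_absent": loaded_but_absent(gmer_kernel, mbr_drivers),
    }


if __name__ == "__main__":
    for check, hits in triage(DDS_CREATED, DDS_HOSTS, GMER_KERNEL,
                              MBRCHECK_DRIVERS).items():
        print(f"{check}: {hits}")
```

On the excerpts above the script reports the two Windows-root drops, the spywareinfo.com hosts entry, and npan.sys loaded at 0xF8636000 with no file behind it. The cross-reference between GMER's "?" line and MBRCheck's loaded-driver list is the useful part: a bare driver name in MBRCheck's list (ACPI.sys, npan.sys) is normal for boot-start drivers, so the load address alone proves nothing, while a loaded driver whose file GMER cannot open is the pattern a rootkit leaves.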
  5. 2010/08/06
    PCPom

    PCPom Inactive Thread Starter

    And now GMER and MBR check. Thanks in advance for your help!



    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-07 14:22:43
    Windows 5.1.2600 Service Pack 3
    Running: w9suyide.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kwniyaow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? npan.sys The system cannot find the file specified. !
    LCODE C:\WINDOWS\System32\DRIVERS\PCX504.sys entry point in "LCODE" section [0xF7B005F6]

    ---- EOF - GMER 1.0.15 ----


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 134):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8B36000 \WINDOWS\system32\KDCOM.DLL
    0xF8A46000 \WINDOWS\system32\BOOTVID.dll
    0xF8636000 npan.sys
    0xF85E7000 ACPI.sys
    0xF8B38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF85D6000 pci.sys
    0xF8646000 isapnp.sys
    0xF8A4A000 compbatt.sys
    0xF8A4E000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF8B3A000 intelide.sys
    0xF88B6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF85B8000 pcmcia.sys
    0xF8656000 MountMgr.sys
    0xF8599000 ftdisk.sys
    0xF8A52000 ACPIEC.sys
    0xF8BFE000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
    0xF88BE000 PartMgr.sys
    0xF8666000 VolSnap.sys
    0xF8581000 atapi.sys
    0xF8676000 disk.sys
    0xF8686000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF8561000 fltmgr.sys
    0xF854F000 sr.sys
    0xF8696000 PxHelp20.sys
    0xF8538000 KSecDD.sys
    0xF84AB000 Ntfs.sys
    0xF847E000 NDIS.sys
    0xF8464000 Mup.sys
    0xF86A6000 agp440.sys
    0xF8826000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF7B4A000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xF7B36000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF8966000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF7B12000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF7AFC000 \SystemRoot\System32\DRIVERS\PCX504.sys
    0xF7ADE000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xF8836000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF896E000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF7A9D000 \SystemRoot\System32\DRIVERS\SynTP.sys
    0xF8B48000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF8976000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF897E000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF8846000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF8B1A000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF7A89000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF8986000 \SystemRoot\System32\DRIVERS\nscirda.sys
    0xF8B1E000 \SystemRoot\System32\DRIVERS\irenum.sys
    0xF8B26000 \SystemRoot\System32\DRIVERS\CmBatt.sys
    0xF898E000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
    0xF8856000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF8B2A000 \SystemRoot\system32\drivers\pfc.sys
    0xF8866000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF8876000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF7A66000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF79F1000 \SystemRoot\system32\drivers\smwdm.sys
    0xF8CEB000 \SystemRoot\system32\drivers\SENSUPGD.SYS
    0xF79CD000 \SystemRoot\system32\drivers\portcls.sys
    0xF8896000 \SystemRoot\system32\drivers\drmk.sys
    0xF8B4A000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF78BD000 \SystemRoot\System32\DRIVERS\AGRSM.sys
    0xF8996000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8CED000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF899E000 \SystemRoot\System32\DRIVERS\rasirda.sys
    0xF89A6000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF8716000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF8427000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF7863000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF8726000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF8736000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF7852000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF8746000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF89B6000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF89BE000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF7782000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF8756000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF8B4C000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF7724000 \SystemRoot\System32\DRIVERS\update.sys
    0xF840F000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF8786000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF87C6000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF8B52000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8CDA000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8B54000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF89DE000 \SystemRoot\System32\drivers\vga.sys
    0xF8B56000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8B58000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF89E6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF89EE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7BC2000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF19E9000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF1990000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF87E6000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF1940000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF191E000 \SystemRoot\System32\drivers\afd.sys
    0xF18F8000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF87F6000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF8806000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF89F6000 \SystemRoot\System32\drivers\Tppwr.sys
    0xF8AEA000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xF89FE000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xF8A06000 \SystemRoot\System32\drivers\Smapint.sys
    0xF180D000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF179D000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF8D09000 \SystemRoot\System32\drivers\IBMBLDID.SYS
    0xF8886000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF171A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xF16F3000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF8A1E000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF86F6000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF6A84000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8A26000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8C4E000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF047000 \SystemRoot\System32\ati3d1ag.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF1970000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF08A4000 \SystemRoot\System32\DRIVERS\irda.sys
    0xF0A26000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF0815000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xF0058000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF047D000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF002B000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF8B98000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xEFE99000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF8B8E000 \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
    0xF8946000 \SystemRoot\system32\drivers\LVPr2Mon.sys
    0xF89CE000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xEF266000 \SystemRoot\System32\Drivers\HTTP.sys
    0xEF097000 \??\C:\DOCUME~1\User\LOCALS~1\Temp\kwniyaow.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 63):
    0 System Idle Process
    4 System
    648 C:\WINDOWS\system32\smss.exe
    712 csrss.exe
    736 C:\WINDOWS\system32\winlogon.exe
    784 C:\WINDOWS\system32\services.exe
    796 C:\WINDOWS\system32\lsass.exe
    964 C:\WINDOWS\system32\ibmpmsvc.exe
    992 C:\WINDOWS\system32\svchost.exe
    1100 svchost.exe
    1268 svchost.exe
    1384 svchost.exe
    1624 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1936 C:\WINDOWS\explorer.exe
    348 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    356 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    368 C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    400 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    412 C:\WINDOWS\system32\rundll32.exe
    424 C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    448 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    460 C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTRAY.EXE
    472 C:\WINDOWS\AGRSMMSG.exe
    480 C:\Program Files\QuickTime\qttask.exe
    492 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    500 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    512 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    592 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    608 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    672 C:\Program Files\Java\jre6\bin\jusched.exe
    692 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    112 C:\Program Files\Messenger\msmsgs.exe
    1040 C:\WINDOWS\system32\ctfmon.exe
    1048 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    1084 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    1204 C:\Program Files\Skype\Phone\Skype.exe
    1252 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    1696 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    1704 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    1748 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    1756 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    3120 C:\WINDOWS\system32\spoolsv.exe
    3240 C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    3408 svchost.exe
    3520 C:\WINDOWS\system32\ati2evxx.exe
    3616 C:\Program Files\Java\jre6\bin\jqs.exe
    3760 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    3968 C:\WINDOWS\system32\QCONSVC.EXE
    4032 C:\WINDOWS\system32\svchost.exe
    4080 wdfmgr.exe
    268 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    1328 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2092 C:\Program Files\Canon\CAL\CALMAIN.exe
    2856 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    2916 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    704 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    2548 C:\WINDOWS\system32\dwwin.exe
    3320 C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    4076 alg.exe
    340 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    2140 C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    2340 C:\WINDOWS\system32\svchost.exe
    1588 C:\Documents and Settings\User\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS548040M9AT00, Rev: MG2OA55A

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4C8B6466C132CB19D9FCADF546658F91EF74A4AF


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  6. 2010/08/06
    PCPom

    PCPom Inactive Thread Starter

    BTW I'm in Australia, about 17 hours ahead of CA - just to explain why there may be a big time lag to my response.
     
  7. 2010/08/06
    broni

    broni Moderator Malware Analyst

    No problem :)

    Rerun MBRCheck.
    Enter 'Y' and hit ENTER for more options and select option 2.
    When asked for physical disk number, enter 0 (zero).
    Next, enter 1 (Windows XP) for MBR code.
    Post resulting log.
     
  8. 2010/08/07
    PCPom

    PCPom Inactive Thread Starter

    OK, here's the second MBR Check run - didn't go the extra step and fix the MBR code.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 132):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8B36000 \WINDOWS\system32\KDCOM.DLL
    0xF8A46000 \WINDOWS\system32\BOOTVID.dll
    0xF85E7000 ACPI.sys
    0xF8B38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF85D6000 pci.sys
    0xF8636000 isapnp.sys
    0xF8A4A000 compbatt.sys
    0xF8A4E000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF8B3A000 intelide.sys
    0xF88B6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF85B8000 pcmcia.sys
    0xF8646000 MountMgr.sys
    0xF8599000 ftdisk.sys
    0xF8A52000 ACPIEC.sys
    0xF8BFE000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
    0xF88BE000 PartMgr.sys
    0xF8656000 VolSnap.sys
    0xF8581000 atapi.sys
    0xF8666000 disk.sys
    0xF8676000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF8561000 fltmgr.sys
    0xF854F000 sr.sys
    0xF8686000 PxHelp20.sys
    0xF8538000 KSecDD.sys
    0xF84AB000 Ntfs.sys
    0xF847E000 NDIS.sys
    0xF8464000 Mup.sys
    0xF8696000 agp440.sys
    0xF8836000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF839B000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xF8387000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF894E000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF8363000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF834D000 \SystemRoot\System32\DRIVERS\PCX504.sys
    0xF832F000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xF8846000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF8956000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF82EE000 \SystemRoot\System32\DRIVERS\SynTP.sys
    0xF8B54000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF895E000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF8966000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF8856000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF8AFA000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF82DA000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF896E000 \SystemRoot\System32\DRIVERS\nscirda.sys
    0xF8AFE000 \SystemRoot\System32\DRIVERS\irenum.sys
    0xF8B06000 \SystemRoot\System32\DRIVERS\CmBatt.sys
    0xF8976000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
    0xF8866000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF8B0A000 \SystemRoot\system32\drivers\pfc.sys
    0xF8876000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF8886000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF82B7000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF8242000 \SystemRoot\system32\drivers\smwdm.sys
    0xF8C4F000 \SystemRoot\system32\drivers\SENSUPGD.SYS
    0xF821E000 \SystemRoot\system32\drivers\portcls.sys
    0xF88A6000 \SystemRoot\system32\drivers\drmk.sys
    0xF8B56000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF810E000 \SystemRoot\System32\DRIVERS\AGRSM.sys
    0xF897E000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8C52000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF8986000 \SystemRoot\System32\DRIVERS\rasirda.sys
    0xF898E000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF8716000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF8B1E000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF80CF000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF8726000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF8736000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF80BE000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF8746000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF8996000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF899E000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF808E000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF8756000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF8B58000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF7F90000 \SystemRoot\System32\DRIVERS\update.sys
    0xF842F000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF8776000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF87B6000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF8B5C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8CC5000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8B5E000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF89C6000 \SystemRoot\System32\drivers\vga.sys
    0xF8B60000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8B62000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF89CE000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF89D6000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8ACE000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF2E92000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF2E39000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF87D6000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF2E11000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF2DEF000 \SystemRoot\System32\drivers\afd.sys
    0xF2DC9000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF87E6000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF8806000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF89DE000 \SystemRoot\System32\drivers\Tppwr.sys
    0xF8AE6000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xF89E6000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xF89EE000 \SystemRoot\System32\drivers\Smapint.sys
    0xF2CB6000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF2C46000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF8D69000 \SystemRoot\System32\drivers\IBMBLDID.SYS
    0xF8826000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF2BC3000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xF2B9C000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF8A06000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF86F6000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF840F000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8A0E000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8D12000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF047000 \SystemRoot\System32\ati3d1ag.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF2B7C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF19DC000 \SystemRoot\System32\DRIVERS\irda.sys
    0xF1A66000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF194D000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xF1768000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF8BB8000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF16DB000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF7FEE000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF15BC000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF8B6C000 \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
    0xF8906000 \SystemRoot\system32\drivers\LVPr2Mon.sys
    0xF0EE5000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF89FE000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 63):
    0 System Idle Process
    4 System
    644 C:\WINDOWS\system32\smss.exe
    708 csrss.exe
    732 C:\WINDOWS\system32\winlogon.exe
    780 C:\WINDOWS\system32\services.exe
    792 C:\WINDOWS\system32\lsass.exe
    956 C:\WINDOWS\system32\ibmpmsvc.exe
    984 C:\WINDOWS\system32\svchost.exe
    1096 svchost.exe
    1244 svchost.exe
    1364 svchost.exe
    1608 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1956 C:\WINDOWS\system32\spoolsv.exe
    2004 C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    216 svchost.exe
    288 C:\WINDOWS\system32\ati2evxx.exe
    360 C:\Program Files\Java\jre6\bin\jqs.exe
    1200 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    1312 C:\WINDOWS\explorer.exe
    1660 C:\WINDOWS\system32\QCONSVC.EXE
    312 C:\WINDOWS\system32\svchost.exe
    436 wdfmgr.exe
    568 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    700 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2244 C:\Program Files\Canon\CAL\CALMAIN.exe
    2284 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    2300 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2316 C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    2340 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    2368 C:\WINDOWS\system32\rundll32.exe
    2392 C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    2440 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    2484 C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTRAY.EXE
    2520 C:\WINDOWS\AGRSMMSG.exe
    2532 C:\Program Files\QuickTime\qttask.exe
    2540 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    2556 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2572 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    2588 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    2604 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    2620 C:\Program Files\Java\jre6\bin\jusched.exe
    2640 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    2748 C:\Program Files\Messenger\msmsgs.exe
    3028 C:\WINDOWS\system32\ctfmon.exe
    3152 alg.exe
    3260 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    3264 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    3368 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    3372 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    4028 C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    300 C:\Program Files\Skype\Phone\Skype.exe
    220 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    1280 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    3652 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    2988 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    3580 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    688 C:\Program Files\Java\jre6\bin\jucheck.exe
    3912 C:\WINDOWS\system32\svchost.exe
    3360 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    192 C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    784 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    1192 C:\Documents and Settings\User\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS548040M9AT00, Rev: MG2OA55A

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4C8B6466C132CB19D9FCADF546658F91EF74A4AF


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:
     
  9. 2010/08/07
    broni

    broni Moderator Malware Analyst

    What do you mean?
    This is exactly what I wanted you to do.
     
  10. 2010/08/07
    PCPom

    PCPom Inactive Thread Starter

    Sorry broni - prob followed your instructions a bit too literally! Anyway, rerun of MBR below. Will reboot following this post.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 132):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8B36000 \WINDOWS\system32\KDCOM.DLL
    0xF8A46000 \WINDOWS\system32\BOOTVID.dll
    0xF85E7000 ACPI.sys
    0xF8B38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF85D6000 pci.sys
    0xF8636000 isapnp.sys
    0xF8A4A000 compbatt.sys
    0xF8A4E000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF8B3A000 intelide.sys
    0xF88B6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF85B8000 pcmcia.sys
    0xF8646000 MountMgr.sys
    0xF8599000 ftdisk.sys
    0xF8A52000 ACPIEC.sys
    0xF8BFE000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
    0xF88BE000 PartMgr.sys
    0xF8656000 VolSnap.sys
    0xF8581000 atapi.sys
    0xF8666000 disk.sys
    0xF8676000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF8561000 fltmgr.sys
    0xF854F000 sr.sys
    0xF8686000 PxHelp20.sys
    0xF8538000 KSecDD.sys
    0xF84AB000 Ntfs.sys
    0xF847E000 NDIS.sys
    0xF8464000 Mup.sys
    0xF8696000 agp440.sys
    0xF87D6000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF839B000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xF8387000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF895E000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF8363000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF834D000 \SystemRoot\System32\DRIVERS\PCX504.sys
    0xF832F000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xF87E6000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF8966000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF82EE000 \SystemRoot\System32\DRIVERS\SynTP.sys
    0xF8B5A000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF896E000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF8976000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF87F6000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF8B12000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF82DA000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF897E000 \SystemRoot\System32\DRIVERS\nscirda.sys
    0xF8B16000 \SystemRoot\System32\DRIVERS\irenum.sys
    0xF8B1E000 \SystemRoot\System32\DRIVERS\CmBatt.sys
    0xF8986000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
    0xF8806000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF8B22000 \SystemRoot\system32\drivers\pfc.sys
    0xF8816000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF8826000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF82B7000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF8242000 \SystemRoot\system32\drivers\smwdm.sys
    0xF8D07000 \SystemRoot\system32\drivers\SENSUPGD.SYS
    0xF821E000 \SystemRoot\system32\drivers\portcls.sys
    0xF8846000 \SystemRoot\system32\drivers\drmk.sys
    0xF8B5C000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF810E000 \SystemRoot\System32\DRIVERS\AGRSM.sys
    0xF898E000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8D08000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF8996000 \SystemRoot\System32\DRIVERS\rasirda.sys
    0xF899E000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF88A6000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF842F000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF80CF000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF86C6000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF86D6000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF80BE000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF86E6000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF89A6000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF89AE000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF808E000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF86F6000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF8B5E000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF7F90000 \SystemRoot\System32\DRIVERS\update.sys
    0xF840F000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF8716000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF8756000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF8B62000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8D74000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8B64000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF89CE000 \SystemRoot\System32\drivers\vga.sys
    0xF8B66000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8B68000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF89D6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF89DE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8AFE000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF24F2000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF2499000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF8786000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF2449000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF2427000 \SystemRoot\System32\drivers\afd.sys
    0xF2401000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF87A6000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF87B6000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF89EE000 \SystemRoot\System32\drivers\Tppwr.sys
    0xF8102000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xF89F6000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xF89FE000 \SystemRoot\System32\drivers\Smapint.sys
    0xF1696000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF1626000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF8D1E000 \SystemRoot\System32\drivers\IBMBLDID.SYS
    0xF8836000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF15A3000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xF157C000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF8A26000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF804E000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF2485000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF88E6000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8CFF000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF047000 \SystemRoot\System32\ati3d1ag.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF1484000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF12E6000 \SystemRoot\System32\DRIVERS\irda.sys
    0xF153C000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF122F000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xF1072000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF8B72000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF0F2B000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF8BA8000 \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
    0xF0B2E000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF0B43000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF8A36000 \SystemRoot\system32\drivers\LVPr2Mon.sys
    0xF8A3E000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xF089A000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 62):
    0 System Idle Process
    4 System
    648 C:\WINDOWS\system32\smss.exe
    712 csrss.exe
    744 C:\WINDOWS\system32\winlogon.exe
    792 C:\WINDOWS\system32\services.exe
    804 C:\WINDOWS\system32\lsass.exe
    972 C:\WINDOWS\system32\ibmpmsvc.exe
    1000 C:\WINDOWS\system32\svchost.exe
    1108 svchost.exe
    1152 C:\WINDOWS\system32\svchost.exe
    1280 svchost.exe
    1380 svchost.exe
    1624 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    2016 C:\WINDOWS\system32\spoolsv.exe
    200 C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    304 svchost.exe
    412 C:\WINDOWS\system32\ati2evxx.exe
    452 C:\Program Files\Java\jre6\bin\jqs.exe
    528 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    1052 C:\WINDOWS\system32\QCONSVC.EXE
    1260 C:\WINDOWS\system32\svchost.exe
    1288 wdfmgr.exe
    1348 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    1484 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    444 C:\Program Files\Canon\CAL\CALMAIN.exe
    2140 C:\WINDOWS\explorer.exe
    2184 alg.exe
    3024 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    3040 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3056 C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    3072 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    3088 C:\WINDOWS\system32\rundll32.exe
    3112 C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    3148 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    3168 C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTRAY.EXE
    3188 C:\WINDOWS\AGRSMMSG.exe
    3212 C:\Program Files\QuickTime\qttask.exe
    3228 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    3268 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    3284 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    3304 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    3320 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    3352 C:\Program Files\Java\jre6\bin\jusched.exe
    3376 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    3400 C:\Program Files\Messenger\msmsgs.exe
    3420 C:\WINDOWS\system32\ctfmon.exe
    3444 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    3468 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    3884 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    3896 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    3964 C:\Program Files\Skype\Phone\Skype.exe
    4072 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    1924 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    2628 C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    2956 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    180 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    2760 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    3368 C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    3952 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    196 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    1456 C:\Documents and Settings\User\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS548040M9AT00, Rev: MG2OA55A

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4C8B6466C132CB19D9FCADF546658F91EF74A4AF


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
     
  11. 2010/08/07
    broni

    broni Moderator Malware Analyst

    Please reboot and post a fresh MBRCheck log.
     
  12. 2010/08/08
    PCPom

    PCPom Inactive Thread Starter

    MBRCheck log following reboot...

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 137):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8B36000 \WINDOWS\system32\KDCOM.DLL
    0xF8A46000 \WINDOWS\system32\BOOTVID.dll
    0xF85E7000 ACPI.sys
    0xF8B38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF85D6000 pci.sys
    0xF8636000 isapnp.sys
    0xF8A4A000 compbatt.sys
    0xF8A4E000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF8B3A000 intelide.sys
    0xF88B6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF85B8000 pcmcia.sys
    0xF8646000 MountMgr.sys
    0xF8599000 ftdisk.sys
    0xF8A52000 ACPIEC.sys
    0xF8BFE000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
    0xF88BE000 PartMgr.sys
    0xF8656000 VolSnap.sys
    0xF8581000 atapi.sys
    0xF8666000 disk.sys
    0xF8676000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF8561000 fltmgr.sys
    0xF854F000 sr.sys
    0xF8686000 PxHelp20.sys
    0xF8538000 KSecDD.sys
    0xF84AB000 Ntfs.sys
    0xF847E000 NDIS.sys
    0xF8464000 Mup.sys
    0xF8696000 agp440.sys
    0xF87F6000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF839B000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xF8387000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF892E000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF8363000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF834D000 \SystemRoot\System32\DRIVERS\PCX504.sys
    0xF832F000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xF8806000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF8936000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF82EE000 \SystemRoot\System32\DRIVERS\SynTP.sys
    0xF8B56000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF893E000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF8946000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF8816000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF8B0E000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF82DA000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF894E000 \SystemRoot\System32\DRIVERS\nscirda.sys
    0xF8B12000 \SystemRoot\System32\DRIVERS\irenum.sys
    0xF8B16000 \SystemRoot\System32\DRIVERS\CmBatt.sys
    0xF8956000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
    0xF8826000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF8B1A000 \SystemRoot\system32\drivers\pfc.sys
    0xF8836000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF8846000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF82B7000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF8242000 \SystemRoot\system32\drivers\smwdm.sys
    0xF8C24000 \SystemRoot\system32\drivers\SENSUPGD.SYS
    0xF821E000 \SystemRoot\system32\drivers\portcls.sys
    0xF8866000 \SystemRoot\system32\drivers\drmk.sys
    0xF8B58000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF810E000 \SystemRoot\System32\DRIVERS\AGRSM.sys
    0xF895E000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8C25000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF8966000 \SystemRoot\System32\DRIVERS\rasirda.sys
    0xF896E000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF86D6000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF8B2E000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF80CF000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF86E6000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF86F6000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF80BE000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF8706000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF8976000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF897E000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF808E000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF8716000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF8B5A000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF7F90000 \SystemRoot\System32\DRIVERS\update.sys
    0xF841F000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF8736000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF8776000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF8B5E000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8C4C000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8B60000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF899E000 \SystemRoot\System32\drivers\vga.sys
    0xF8B62000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8B64000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF89A6000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF89AE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8ADE000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF2ED5000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF2E7C000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF8796000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF2E54000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF2E32000 \SystemRoot\System32\drivers\afd.sys
    0xF2E0C000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF87A6000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF87B6000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF89B6000 \SystemRoot\System32\drivers\Tppwr.sys
    0xF8AF6000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xF89BE000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xF89C6000 \SystemRoot\System32\drivers\Smapint.sys
    0xF2CF9000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF2C89000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF8C61000 \SystemRoot\System32\drivers\IBMBLDID.SYS
    0xF87D6000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF2C06000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xF2BDF000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF89E6000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF8886000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF2BBF000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF89F6000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8D14000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF047000 \SystemRoot\System32\ati3d1ag.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF2BAF000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF2949000 \SystemRoot\System32\DRIVERS\irda.sys
    0xF2A93000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF28BA000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xF2635000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF8BC4000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF258E000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF8BD4000 \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
    0xF88D6000 \SystemRoot\system32\drivers\LVPr2Mon.sys
    0xF88FE000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xF204D000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF21EE000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF8BE4000 \SystemRoot\system32\drivers\splitter.sys
    0xF17E6000 \SystemRoot\system32\drivers\aec.sys
    0xF805E000 \SystemRoot\system32\drivers\swmidi.sys
    0xF20BE000 \SystemRoot\system32\drivers\DMusic.sys
    0xF17BB000 \SystemRoot\system32\drivers\kmixer.sys
    0xF8D40000 \SystemRoot\system32\drivers\drmkaud.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 63):
    0 System Idle Process
    4 System
    636 C:\WINDOWS\system32\smss.exe
    716 csrss.exe
    740 C:\WINDOWS\system32\winlogon.exe
    788 C:\WINDOWS\system32\services.exe
    800 C:\WINDOWS\system32\lsass.exe
    968 C:\WINDOWS\system32\ibmpmsvc.exe
    996 C:\WINDOWS\system32\svchost.exe
    1104 svchost.exe
    1312 svchost.exe
    1376 svchost.exe
    1620 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1968 C:\WINDOWS\system32\spoolsv.exe
    196 C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    272 svchost.exe
    312 C:\WINDOWS\system32\ati2evxx.exe
    404 C:\Program Files\Java\jre6\bin\jqs.exe
    504 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    308 C:\WINDOWS\system32\QCONSVC.EXE
    932 C:\WINDOWS\system32\svchost.exe
    1252 wdfmgr.exe
    1324 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    1484 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2040 C:\Program Files\Canon\CAL\CALMAIN.exe
    1244 alg.exe
    1172 C:\WINDOWS\explorer.exe
    2300 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    2972 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2652 C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    3012 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    3064 C:\WINDOWS\system32\rundll32.exe
    3116 C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    3156 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    3168 C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTRAY.EXE
    3184 C:\WINDOWS\AGRSMMSG.exe
    3208 C:\Program Files\QuickTime\qttask.exe
    3228 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    3244 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2892 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    3280 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    3304 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    3316 C:\Program Files\Java\jre6\bin\jusched.exe
    3328 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    3392 C:\Program Files\Messenger\msmsgs.exe
    3408 C:\WINDOWS\system32\ctfmon.exe
    2648 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    3472 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    3892 C:\Program Files\Skype\Phone\Skype.exe
    3912 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    3956 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    3980 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    432 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    2248 C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    1332 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    3520 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    3484 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    3604 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    1384 C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    2480 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    1200 C:\WINDOWS\system32\svchost.exe
    2148 C:\Documents and Settings\User\Desktop\MBRCheck.exe
    2008 <unknown>

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS548040M9AT00, Rev: MG2OA55A

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4C8B6466C132CB19D9FCADF546658F91EF74A4AF


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  13. 2010/08/08
    broni, Moderator Malware Analyst
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2010/08/08
    PCPom, Inactive Thread Starter
    Well, that was fun, in a tackle/vice interface moment type of fun! Took five goes before I got a clean run all the way through to the log - I think the settings on Avast were resetting to run with each reboot which seemed to make Combofix hang. Anyway, log below...

    ComboFix 10-08-07.01 - User 08/08/2010 21:47:30.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.102 [GMT 10:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\User\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\User\Local Settings\Temp\IadHide5.dll
    .
    ---- Previous Run -------
    .
    c:\docume~1\User\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\User\Local Settings\Temp\IadHide5.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
    .

    2010-08-04 10:48 . 2010-08-04 10:48 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-08-04 10:47 . 2010-08-04 10:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-07-15 11:22 . 2010-07-22 19:43 0 ----a-w- c:\windows\Jvawalocupuwowo.bin
    2010-07-15 11:22 . 2010-07-23 12:14 120 ----a-w- c:\windows\Npaha.dat
    2010-07-14 12:27 . 2010-07-14 12:27 -------- d-----w- c:\windows\Sun
    2010-07-14 12:11 . 2010-07-14 12:42 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\njpvxrkmq
    2010-07-12 11:57 . 2010-07-12 11:57 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2010-07-12 11:57 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-12 11:57 . 2010-07-12 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-12 11:57 . 2010-07-12 11:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-12 11:57 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-12 11:48 . 2010-08-03 09:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-11 11:17 . 2010-07-12 12:07 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\bxqndmsne

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-08 10:52 . 2008-06-18 10:22 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
    2010-08-08 10:12 . 2008-06-18 10:20 -------- d-----w- c:\documents and settings\User\Application Data\Skype
    2010-08-08 09:10 . 2007-08-12 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-06 12:05 . 2008-02-04 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7
    2010-08-06 12:05 . 2007-10-17 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
    2010-08-06 12:05 . 2010-06-06 20:42 -------- d-----w- c:\documents and settings\User\Application Data\CameraWindowDC
    2010-08-06 12:03 . 2008-01-23 08:35 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
    2010-08-06 12:02 . 2008-02-04 10:02 -------- d-----w- c:\documents and settings\User\Application Data\AVG7
    2010-08-06 09:32 . 2008-01-23 08:35 -------- d-----w- c:\program files\uTorrent
    2010-07-29 12:53 . 2006-04-13 11:36 -------- d-----w- c:\program files\CCleaner
    2010-07-28 09:30 . 2010-07-14 10:19 452104 ----a-w- c:\documents and settings\User\Application Data\Real\Update\setup3.12\setup.exe
    2010-07-24 10:39 . 2010-06-07 09:20 -------- d-----w- c:\documents and settings\User\Application Data\ZoomBrowser EX
    2010-07-13 12:27 . 2007-10-17 23:42 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-13 12:21 . 2008-05-10 13:21 -------- d-----w- c:\program files\Yahoo!
    2010-07-13 12:18 . 2009-04-19 08:53 -------- d-----w- c:\program files\IKEA HomePlanner
    2010-06-29 11:37 . 2010-05-09 11:48 439816 ----a-w- c:\documents and settings\User\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-28 20:57 . 2010-06-29 09:32 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-28 20:57 . 2009-04-23 18:47 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:37 . 2009-04-23 18:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2009-04-23 18:48 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2009-04-23 18:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2009-04-23 18:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2009-04-23 18:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2009-04-23 18:48 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2009-04-23 18:48 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-06-11 10:01 . 2009-04-23 18:47 -------- d-----w- c:\program files\Alwil Software
    2010-06-11 09:36 . 2010-06-11 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-06-18 36864]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-09 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2002-06-18 28672]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
    "QCTRAY"="c:\program files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2002-07-15 491520]
    "QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2002-07-15 49152]
    "BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2002-06-28 64000]
    "TPTRAY"="c:\progra~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2002-06-28 48640]
    "TP4EX"="tp4ex.exe" [2002-02-22 40960]
    "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2002-06-28 86016]
    "NPDTray"="c:\progra~1\ThinkPad\UTILIT~1\NPDTray.exe" [2002-07-04 204800]
    "AGRSMMSG"="AGRSMMSG.exe" [2002-02-23 87037]
    "Tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2001-11-07 1519616]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-16 98304]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
    "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-25 497200]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
    "LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 148888]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-6-18 196608]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/24/2009 4:48 AM 165456]
    R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [1/13/2006 7:32 AM 12288]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/24/2009 4:48 AM 17744]
    R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [1/1/1980 6:00 PM 88064]
    S3 netnnpcc;Navini Networks PCMCIA Adapter;c:\windows\system32\drivers\netnnpcc.sys [2/22/2007 8:36 PM 7555]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-08 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 12:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bbc.co.uk/
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://webvpn.au.aecom.com/+CSCOL+/relayp.cab
    .
    - - - - ORPHANS REMOVED - - - -

    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-08 21:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(7376)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
    c:\docume~1\User\LOCALS~1\Temp\IadHide5.dll
    c:\windows\system32\ieframe.dll
    c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    c:\windows\System32\Ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\System32\QCONSVC.EXE
    c:\windows\system32\wdfmgr.exe
    c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\RunDll32.exe
    c:\windows\AGRSMMSG.exe
    c:\program files\Skype\Phone\Skype.exe
    c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    c:\program files\Logitech\QuickCam10\COCIManager.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-08 22:12:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-08 12:12

    Pre-Run: 8,750,862,336 bytes free
    Post-Run: 8,712,798,208 bytes free

    - - End Of File - - E1198439E5F35593D752ABC724FEC383
     
  15. 2010/08/08
    PCPom, Inactive Thread Starter
    And, as I'll be logging off for the night now, I took the liberty of running another MBRCheck - log below - cheers!

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 139):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF8B36000 \WINDOWS\system32\KDCOM.DLL
    0xF8A46000 \WINDOWS\system32\BOOTVID.dll
    0xF85E7000 ACPI.sys
    0xF8B38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
    0xF85D6000 pci.sys
    0xF8636000 isapnp.sys
    0xF8A4A000 compbatt.sys
    0xF8A4E000 \WINDOWS\System32\DRIVERS\BATTC.SYS
    0xF8B3A000 intelide.sys
    0xF88B6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    0xF85B8000 pcmcia.sys
    0xF8646000 MountMgr.sys
    0xF8599000 ftdisk.sys
    0xF8A52000 ACPIEC.sys
    0xF8BFE000 \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
    0xF88BE000 PartMgr.sys
    0xF8656000 VolSnap.sys
    0xF8581000 atapi.sys
    0xF8666000 disk.sys
    0xF8676000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    0xF8561000 fltmgr.sys
    0xF854F000 sr.sys
    0xF8686000 PxHelp20.sys
    0xF8538000 KSecDD.sys
    0xF84AB000 Ntfs.sys
    0xF847E000 NDIS.sys
    0xF8696000 Combo-Fix.sys
    0xF8464000 Mup.sys
    0xF86A6000 agp440.sys
    0xF8836000 \SystemRoot\System32\DRIVERS\intelppm.sys
    0xF839B000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xF8387000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xF893E000 \SystemRoot\System32\DRIVERS\usbuhci.sys
    0xF8363000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xF834D000 \SystemRoot\System32\DRIVERS\PCX504.sys
    0xF832F000 \SystemRoot\System32\DRIVERS\e100b325.sys
    0xF8846000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xF8946000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xF82EE000 \SystemRoot\System32\DRIVERS\SynTP.sys
    0xF8B4E000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xF894E000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xF8956000 \SystemRoot\System32\DRIVERS\fdc.sys
    0xF8856000 \SystemRoot\System32\DRIVERS\serial.sys
    0xF8B0A000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xF82DA000 \SystemRoot\System32\DRIVERS\parport.sys
    0xF895E000 \SystemRoot\System32\DRIVERS\nscirda.sys
    0xF8B0E000 \SystemRoot\System32\DRIVERS\irenum.sys
    0xF8B16000 \SystemRoot\System32\DRIVERS\CmBatt.sys
    0xF8966000 \SystemRoot\System32\DRIVERS\ibmpmdrv.sys
    0xF8866000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF8B1A000 \SystemRoot\system32\drivers\pfc.sys
    0xF8876000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xF8886000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xF82B7000 \SystemRoot\System32\DRIVERS\ks.sys
    0xF8242000 \SystemRoot\system32\drivers\smwdm.sys
    0xF8C71000 \SystemRoot\system32\drivers\SENSUPGD.SYS
    0xF821E000 \SystemRoot\system32\drivers\portcls.sys
    0xF88A6000 \SystemRoot\system32\drivers\drmk.sys
    0xF8B50000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF810E000 \SystemRoot\System32\DRIVERS\AGRSM.sys
    0xF896E000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8C74000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xF8976000 \SystemRoot\System32\DRIVERS\rasirda.sys
    0xF897E000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xF8726000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xF8B2E000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xF80CF000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xF8736000 \SystemRoot\System32\DRIVERS\raspppoe.sys
    0xF8746000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xF80BE000 \SystemRoot\System32\DRIVERS\psched.sys
    0xF8756000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xF8986000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xF898E000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xF7FEE000 \SystemRoot\System32\DRIVERS\rdpdr.sys
    0xF8766000 \SystemRoot\System32\DRIVERS\termdd.sys
    0xF8B52000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xF7F90000 \SystemRoot\System32\DRIVERS\update.sys
    0xF841F000 \SystemRoot\System32\DRIVERS\mssmbios.sys
    0xF8786000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF87C6000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xF8B58000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8CEE000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8B5A000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF89B6000 \SystemRoot\System32\drivers\vga.sys
    0xF8B5C000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8B5E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF89BE000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF89C6000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF8AE2000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xF24B2000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xF2459000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xF87E6000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xF2431000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xF240F000 \SystemRoot\System32\drivers\afd.sys
    0xF87F6000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xF89CE000 \SystemRoot\System32\drivers\Tppwr.sys
    0xF8AEE000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xF89D6000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xF89DE000 \SystemRoot\System32\drivers\Smapint.sys
    0xF22FC000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xF228C000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xF8D04000 \SystemRoot\System32\drivers\IBMBLDID.SYS
    0xF8816000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF15C6000 \SystemRoot\System32\DRIVERS\ipnat.sys
    0xF8896000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xF1563000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xF153C000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF89EE000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xF86F6000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF14FC000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8B66000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF7F74000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF8A06000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8CD2000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF047000 \SystemRoot\System32\ati3d1ag.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF1454000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF128E000 \SystemRoot\System32\DRIVERS\irda.sys
    0xF13BC000 \SystemRoot\System32\DRIVERS\ndisuio.sys
    0xF11FF000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xF1092000 \SystemRoot\System32\DRIVERS\mrxdav.sys
    0xF8BFC000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xF0F4B000 \SystemRoot\System32\DRIVERS\srv.sys
    0xF8B42000 \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
    0xF0D56000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF0EBB000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF8A3E000 \SystemRoot\system32\drivers\LVPr2Mon.sys
    0xF0837000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF890E000 \??\C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys
    0xEFEF8000 \SystemRoot\system32\drivers\kmixer.sys
    0xF89E6000 \??\C:\ComboFix\catchme.sys
    0xF8B4A000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
    0xF88D6000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 59):
    0 System Idle Process
    4 System
    664 C:\WINDOWS\system32\smss.exe
    712 csrss.exe
    736 C:\WINDOWS\system32\winlogon.exe
    780 C:\WINDOWS\system32\services.exe
    792 C:\WINDOWS\system32\lsass.exe
    956 C:\WINDOWS\system32\ibmpmsvc.exe
    980 C:\WINDOWS\system32\svchost.exe
    1064 svchost.exe
    1128 C:\WINDOWS\system32\svchost.exe
    1240 svchost.exe
    1336 svchost.exe
    1580 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1736 C:\WINDOWS\system32\spoolsv.exe
    1776 C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    1880 svchost.exe
    1920 C:\WINDOWS\system32\ati2evxx.exe
    1988 C:\Program Files\Java\jre6\bin\jqs.exe
    2012 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    176 C:\WINDOWS\system32\QCONSVC.EXE
    284 C:\WINDOWS\system32\svchost.exe
    316 wdfmgr.exe
    372 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    452 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    2356 C:\Program Files\Canon\CAL\CALMAIN.exe
    2564 alg.exe
    3636 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    3652 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3692 C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    3720 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    3752 C:\WINDOWS\system32\rundll32.exe
    3800 C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
    3860 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    3912 C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTRAY.EXE
    4004 C:\WINDOWS\AGRSMMSG.exe
    2152 C:\Program Files\QuickTime\qttask.exe
    2200 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    2236 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    2284 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    2312 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    1472 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    2120 C:\Program Files\Java\jre6\bin\jusched.exe
    2424 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    2512 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    2520 C:\Program Files\Skype\Phone\Skype.exe
    2624 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    3044 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    3144 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    3212 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    3316 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    1204 C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    3592 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    4088 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    1288 C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    1524 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    756 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    7376 C:\WINDOWS\explorer.exe
    6296 C:\Documents and Settings\User\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS548040M9AT00, Rev: MG2OA55A

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 4C8B6466C132CB19D9FCADF546658F91EF74A4AF


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
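
What the MBRCheck output above is doing, shown as an added example that is not code from the thread, from MBRCheck or from mbr.exe: the tool reads the first 512-byte sector of PhysicalDrive0, verifies the 0x55AA signature, hashes the bootstrap code (the partition table is excluded, which is why the SHA1 identifies the loader rather than the disk) and looks the hash up in a table of known Windows and OEM loaders. A miss prints "Unknown MBR code", which is a prompt to look closer rather than a verdict; OEM and recovery loaders land there too. The known-good table, the boot code and the partition entry below are all constructed for the demo, and the `byte_offset` field reproduces how the `\\.\C: --> \\.\PhysicalDrive0 at offset 0x...7e00` line is derived (LBA 63 x 512). Which byte range a given tool hashes (440, 446 or all 512 bytes) is tool-specific, so hashes from this script are not expected to match the SHA1 printed above.

```python
r"""Parse a 512-byte MBR and classify its boot code the way an MBR checker does.

Added example for this thread; it is not code from MBRCheck or mbr.exe. Everything
it consumes is constructed in build_demo_mbr(), and the known-good dict passed to
classify() is a stand-in for a vendor hash table, not a real one.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: bootstrap code; disk signature follows at 440
PARTITION_TABLE_OFF = 446    # four 16-byte entries
SIGNATURE = b"\x55\xaa"      # bytes 510..511


def read_first_sector(device_path: str) -> bytes:
    r"""Read sector 0 of a raw device (needs admin/root; not exercised by the demo).
    Windows: r'\\.\PhysicalDrive0'; Linux: '/dev/sda'."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> dict:
    """Signature check, SHA-1 of the boot code, and the in-use partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, sectors = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:                                   # type 0x00 = empty slot
            partitions.append({
                "index": i,
                "bootable": status == 0x80,
                "type": ptype,                           # 0x07 = NTFS/exFAT/HPFS
                "lba_start": lba_start,
                "sectors": sectors,
                "byte_offset": lba_start * SECTOR_SIZE,  # the "at offset 0x..." figure
            })
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify(sector: bytes, known_good: dict) -> str:
    """The three outcomes an MBR checker reports; 'unknown' is not 'infected'."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "Invalid MBR (no 0x55AA signature)"
    label = known_good.get(info["boot_code_sha1"])
    if label:
        return f"Known-good MBR code ({label})"
    return "Unknown MBR code"       # OEM/recovery loaders and rootkits both land here


def build_demo_mbr(boot_code: bytes, lba_start: int = 63, sectors: int = 78140097) -> bytes:
    """Constructed sample: boot code, one bootable NTFS partition at LBA 63, signature."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    # status 0x80 (bootable), placeholder CHS bytes, type 0x07, LBA start, LBA length
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        lba_start, sectors)
    sector[PARTITION_TABLE_OFF:PARTITION_TABLE_OFF + 16] = entry
    sector[510:512] = SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    stock = build_demo_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 40)  # fake bootstrap
    known = {parse_mbr(stock)["boot_code_sha1"]: "demo stock loader"}
    print(classify(stock, known))
    patched = bytearray(stock)
    patched[0x10] ^= 0xFF                               # one byte changed inside the boot code
    print(classify(bytes(patched), known))
    print(hex(parse_mbr(stock)["partitions"][0]["byte_offset"]))
```

Because only the code area is hashed, editing the partition table leaves the hash unchanged, while a single patched byte of bootstrap code turns a known loader into "Unknown MBR code". The mbr.exe run later in this thread settles the question a different way: it reads the same sector from user mode and from the kernel and reports "user & kernel MBR OK" only when both views agree, which is the check a disk-hooking bootkit fails.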
     
  16. 2010/08/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Jvawalocupuwowo.bin
    c:\windows\Npaha.dat
    
    
    Folder::
    c:\documents and settings\User\Local Settings\Application Data\njpvxrkmq
    c:\documents and settings\User\Local Settings\Application Data\bxqndmsne
    c:\documents and settings\User\Application Data\AVG7
    
    
    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [image: animation of dragging CFScript.txt onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
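
The script above targets two things a rogue-AV infection typically leaves behind: an Internet Settings proxy pointed at 127.0.0.1 (a local proxy the malware used to intercept or block browsing; once its process is gone nothing listens on that port and the browser simply fails to connect) and a Security Center `DisableMonitoring` flag that silences the "no antivirus" warning. As an added example that is not part of the thread or of ComboFix/DDS, the script below scans DDS/ComboFix-style log lines for both indicators and drafts the matching `DDS::` and `Registry::` CFScript sections (`=-` deletes a value). The log lines are constructed, modelled on the ones in this thread; the `u`/`m` prefixes are DDS shorthand for HKCU/HKLM, and `proxy.corp.example` is an invented non-loopback host used to show a proxy that is not flagged.

```python
"""Scan DDS/ComboFix-style log lines for a loopback proxy and muted Security Center
monitoring, then draft the CFScript lines that would undo them.

Added example for this thread, not code from DDS or ComboFix. SAMPLE_LOG is constructed;
the CFScript generator only emits DDS:: and Registry:: sections.
"""
import ipaddress
import re

PROXY_RE = re.compile(r"^[um]?Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)", re.I)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
SECURITY_CENTER = r"software\microsoft\security center\monitoring"


def parse_proxy(value: str) -> dict:
    """'http=127.0.0.1:5643;https=...' or bare 'host:port' -> {scheme: (host, port)}."""
    out = {}
    for part in value.split(";"):
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")   # no '=' means one proxy for all protocols
        host, _, port = hostport.rpartition(":")
        out[scheme or "all"] = (host, int(port) if port.isdigit() else None)
    return out


def is_loopback(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1 (with or without IPv6 brackets)."""
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def dword_value(data: str):
    """'dword:00000001' -> 1; None for any other REGEDIT4 data type."""
    m = re.match(r"dword:([0-9a-f]{1,8})$", data, re.I)
    return int(m.group(1), 16) if m else None


def scan(lines) -> list:
    """Walk the log once, tracking the current [registry key], and collect findings."""
    findings, current_key = [], ""
    for raw in lines:
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m.group("key")
            continue
        if m := PROXY_RE.match(line):
            proxies = parse_proxy(m.group("value"))
            if any(is_loopback(host) for host, _ in proxies.values()):
                findings.append({"kind": "loopback_proxy", "line": line, "proxies": proxies})
            continue
        if (m := VALUE_RE.match(line)) and SECURITY_CENTER in current_key.lower():
            # matches the Monitoring key itself and any per-vendor subkey under it
            if m.group("name").lower() == "disablemonitoring" and dword_value(m.group("data")):
                findings.append({"kind": "security_center_muted", "key": current_key, "line": line})
    return findings


def cfscript(findings) -> str:
    """Draft DDS:: and Registry:: sections; '=-' tells ComboFix to delete the value."""
    dds = [hit["line"] for hit in findings if hit["kind"] == "loopback_proxy"]
    reg = [f"[{hit['key']}]\n\"DisableMonitoring\"=-"
           for hit in findings if hit["kind"] == "security_center_muted"]
    sections = []
    if dds:
        sections.append("DDS::\n" + "\n".join(dds))
    if reg:
        sections.append("Registry::\n" + "\n".join(reg))
    return "\n\n".join(sections) + "\n"


# Constructed sample, modelled on the DDS and ComboFix lines posted in this thread.
SAMPLE_LOG = [
    "uStart Page = hxxp://www.bbc.co.uk/",
    "uInternet Settings,ProxyServer = http=127.0.0.1:5643",
    "mInternet Settings,ProxyServer = proxy.corp.example:8080",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]",
    '"DisableMonitoring"=dword:00000001',
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]',
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for hit in hits:
        print(hit["kind"], "->", hit["line"])
    print(cfscript(hits))
```

A loopback proxy hit is almost always worth acting on; the Security Center hit is a review item, because legitimately installed suites also set per-vendor subkeys under Monitoring, so the helper drafts the lines and leaves the decision to the analyst.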
     
  17. 2010/08/09
    PCPom

    PCPom Inactive Thread Starter

    Joined:
    2010/08/06
    Messages:
    24
    Likes Received:
    0
    All done - Combofix log below...

    ComboFix 10-08-07.01 - User 08/09/2010 6:35.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.218 [GMT 10:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\windows\Jvawalocupuwowo.bin"
    "c:\windows\Npaha.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\User\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\User\Application Data\AVG7
    c:\documents and settings\User\Local Settings\Application Data\bxqndmsne
    c:\documents and settings\User\Local Settings\Application Data\njpvxrkmq
    c:\documents and settings\User\Local Settings\Temp\IadHide5.dll
    c:\windows\Jvawalocupuwowo.bin
    c:\windows\Npaha.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
    .

    2010-08-04 10:48 . 2010-08-04 10:48 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-08-04 10:47 . 2010-08-04 10:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-07-14 12:27 . 2010-07-14 12:27 -------- d-----w- c:\windows\Sun
    2010-07-12 11:57 . 2010-07-12 11:57 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2010-07-12 11:57 . 2010-04-29 05:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-12 11:57 . 2010-07-12 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-12 11:57 . 2010-07-12 11:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-12 11:57 . 2010-04-29 05:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-12 11:48 . 2010-08-03 09:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-08 20:40 . 2008-06-18 10:20 -------- d-----w- c:\documents and settings\User\Application Data\Skype
    2010-08-08 20:20 . 2008-06-18 10:22 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
    2010-08-08 12:28 . 2007-08-12 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-06 12:05 . 2008-02-04 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7
    2010-08-06 12:05 . 2007-10-17 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
    2010-08-06 12:05 . 2010-06-06 20:42 -------- d-----w- c:\documents and settings\User\Application Data\CameraWindowDC
    2010-08-06 12:03 . 2008-01-23 08:35 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
    2010-08-06 09:32 . 2008-01-23 08:35 -------- d-----w- c:\program files\uTorrent
    2010-07-29 12:53 . 2006-04-13 11:36 -------- d-----w- c:\program files\CCleaner
    2010-07-28 09:30 . 2010-07-14 10:19 452104 ----a-w- c:\documents and settings\User\Application Data\Real\Update\setup3.12\setup.exe
    2010-07-24 10:39 . 2010-06-07 09:20 -------- d-----w- c:\documents and settings\User\Application Data\ZoomBrowser EX
    2010-07-13 12:27 . 2007-10-17 23:42 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-13 12:21 . 2008-05-10 13:21 -------- d-----w- c:\program files\Yahoo!
    2010-07-13 12:18 . 2009-04-19 08:53 -------- d-----w- c:\program files\IKEA HomePlanner
    2010-06-29 11:37 . 2010-05-09 11:48 439816 ----a-w- c:\documents and settings\User\Application Data\Real\Update\setup3.10\setup.exe
    2010-06-28 20:57 . 2010-06-29 09:32 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-28 20:57 . 2009-04-23 18:47 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:37 . 2009-04-23 18:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2009-04-23 18:48 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2009-04-23 18:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2009-04-23 18:48 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2009-04-23 18:48 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2009-04-23 18:48 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2009-04-23 18:48 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-06-11 10:01 . 2009-04-23 18:47 -------- d-----w- c:\program files\Alwil Software
    2010-06-11 09:36 . 2010-06-11 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-06-18 36864]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
    "PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-09 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2002-06-18 28672]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 126976]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 561152]
    "QCTRAY"="c:\program files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2002-07-15 491520]
    "QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2002-07-15 49152]
    "BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2002-06-28 64000]
    "TPTRAY"="c:\progra~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2002-06-28 48640]
    "TP4EX"="tp4ex.exe" [2002-02-22 40960]
    "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2002-06-28 86016]
    "NPDTray"="c:\progra~1\ThinkPad\UTILIT~1\NPDTray.exe" [2002-07-04 204800]
    "AGRSMMSG"="AGRSMMSG.exe" [2002-02-23 87037]
    "Tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2001-11-07 1519616]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-01-16 98304]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 583048]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
    "LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-25 497200]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
    "LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 148888]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-6-18 196608]
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/24/2009 4:48 AM 165456]
    R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [1/13/2006 7:32 AM 12288]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/24/2009 4:48 AM 17744]
    R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [1/1/1980 6:00 PM 88064]
    S3 netnnpcc;Navini Networks PCMCIA Adapter;c:\windows\system32\drivers\netnnpcc.sys [2/22/2007 8:36 PM 7555]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/5/2010 8:15 PM 11520]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-08 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 12:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.bbc.co.uk/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://webvpn.au.aecom.com/+CSCOL+/relayp.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-09 06:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(5876)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
    c:\docume~1\User\LOCALS~1\Temp\IadHide5.dll
    c:\windows\system32\ieframe.dll
    c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\RunDll32.exe
    c:\windows\AGRSMMSG.exe
    c:\program files\Skype\Phone\Skype.exe
    c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    c:\windows\System32\Ati2evxx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\System32\QCONSVC.EXE
    c:\windows\system32\wdfmgr.exe
    c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\PC Connectivity Solution\ServiceLayer.exe
    c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
    c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
    c:\program files\Logitech\QuickCam10\COCIManager.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-09 07:01:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-08 21:00
    ComboFix2.txt 2010-08-08 12:12

    Pre-Run: 8,615,563,264 bytes free
    Post-Run: 8,663,302,144 bytes free

    - - End Of File - - 73ADCC5C8E9332282E3C19F27DD5954A
     
  18. 2010/08/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That looks good :)

    How is the computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ===================================================================

    Download the MBR Rootkit Detector: http://www2.gmer.net/mbr/mbr.exe to your desktop.

    * Double-click mbr.exe and follow prompts (Vista users: right click on mbr.exe and click "Run As Administrator").
    * A black DOS window will quickly appear then disappear.
    * When mbr.exe is finished it will create a log on your desktop.
    * Copy and paste contents of that log (mbr.log) file to your next reply.

    ===============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. 2010/08/10
    PCPom

    PCPom Inactive Thread Starter

    Joined:
    2010/08/06
    Messages:
    24
    Likes Received:
    0
    Much, much better already, thanks :)

    MBR...

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK


    OTL log Part 1...

    OTL logfile created on: 8/10/2010 7:28:16 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\User\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 156.00 Mb Available Physical Memory | 31.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 10.53 Gb Free Space | 28.26% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IBM-NLCIT72HLZ9
    Current User Name: User
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/10 19:14:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    PRC - [2010/06/29 06:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2009/11/13 11:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    PRC - [2009/11/13 11:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    PRC - [2008/06/18 20:04:23 | 000,036,864 | ---- | M] (Logitech) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    PRC - [2008/05/26 20:19:54 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008/04/14 10:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/10 12:59:40 | 000,122,880 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    PRC - [2007/12/10 12:59:04 | 000,353,280 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2007/12/10 09:12:22 | 000,695,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    PRC - [2007/11/28 18:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    PRC - [2007/10/24 07:11:38 | 000,089,088 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    PRC - [2007/10/23 09:03:00 | 000,117,248 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2006/06/26 10:34:58 | 000,166,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\QuickCam10\COCIManager.exe
    PRC - [2006/06/26 10:34:40 | 000,614,960 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    PRC - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
    PRC - [2006/06/26 10:33:32 | 000,243,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
    PRC - [2006/06/26 09:46:04 | 000,497,200 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
    PRC - [2003/07/03 00:25:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2003/06/24 13:34:38 | 000,126,976 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2002/07/15 20:20:00 | 000,491,520 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    PRC - [2002/07/15 20:20:00 | 000,049,152 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    PRC - [2002/07/15 20:20:00 | 000,040,960 | ---- | M] () -- C:\WINDOWS\system32\QCONSVC.EXE
    PRC - [2002/07/04 20:00:00 | 000,204,800 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\NPDTRAY.EXE
    PRC - [2002/06/29 09:10:52 | 000,086,016 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    PRC - [2002/06/28 19:30:00 | 000,048,640 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE
    PRC - [2002/04/19 21:23:32 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    PRC - [2002/01/11 09:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/10 19:14:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    MOD - [2008/06/18 20:04:17 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\User\Local Settings\Temp\IadHide5.dll
    MOD - [2008/04/14 10:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2006/06/26 10:33:42 | 000,091,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
    MOD - [2003/06/24 13:33:54 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/29 06:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2007/12/10 12:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/11/28 18:51:10 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
    SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2006/06/26 10:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2003/07/03 00:25:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2002/07/15 20:20:00 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/06/29 06:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/29 06:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/29 06:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/29 06:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/29 06:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/29 06:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/04/14 04:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2008/04/14 04:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2008/04/14 04:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/09/02 18:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2007/07/12 20:58:54 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2007/02/22 09:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
    DRV - [2007/02/22 09:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
    DRV - [2007/02/22 09:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
    DRV - [2007/02/22 09:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
    DRV - [2006/06/26 10:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2006/06/26 10:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2006/06/26 10:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2006/06/23 08:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2006/06/23 08:29:28 | 000,720,176 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) Logitech QuickCam IM(PID_08A0)
    DRV - [2006/06/23 08:29:27 | 000,012,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2005/11/15 15:06:02 | 000,007,555 | R--- | M] (Navini Networks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netnnpcc.sys -- (netnnpcc)
    DRV - [2003/07/03 00:25:00 | 000,011,344 | ---- | M] (IBM Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2003/06/24 13:16:30 | 000,265,744 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2002/10/01 08:22:32 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2002/07/15 20:20:00 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
    DRV - [2002/06/28 19:30:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2002/06/28 19:30:00 | 000,012,288 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
    DRV - [2002/06/28 19:30:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2002/06/19 05:44:50 | 000,456,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2002/04/19 21:22:58 | 000,012,605 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2002/04/02 09:27:36 | 000,088,064 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCX504.sys -- (PCX504)
    DRV - [2002/02/23 11:26:26 | 001,112,096 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2002/01/11 08:55:22 | 000,004,010 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
    DRV - [2001/09/14 01:58:02 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/ "


    [2006/12/30 09:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\7qp1717k.default\extensions
    [2009/12/13 17:09:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/11/20 15:52:00 | 002,884,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2010/08/09 06:45:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
    O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
    O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
    O4 - HKLM..\Run: [NPDTray] C:\Program Files\ThinkPad\Utilities\NPDTRAY.EXE (IBM Corp.)
    O4 - HKLM..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE ()
    O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE ()
    O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [Tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe (Support.com, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPTRAY] C:\Program Files\ThinkPad\Utilities\TP98TRAY.EXE (IBM Corp.)
    O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
    O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
    O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://webvpn.au.aecom.com/+CSCOL+/relayp.cab (Cisco Systems WebVPN Relay Loader)
    O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab (isInstalled Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1281092211999 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
    O18 - Protocol\Handler\bw+0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw+0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw-0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw00 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw00s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw-0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw10 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw10s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw20 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw20s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw30 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw30s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw40 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw40s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw50 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw50s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw60 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw60s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw70 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw70s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw80 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw80s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw90 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bw90s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwa0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwa0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwb0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwb0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwc0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwc0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwd0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwd0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwe0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwe0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwf0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwf0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwg0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwg0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwh0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwh0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwi0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwi0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwj0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwj0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwk0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwk0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwl0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwl0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwm0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwm0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwn0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwn0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwo0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwo0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwp0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwp0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwq0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwq0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwr0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwr0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bws0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bws0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwt0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwt0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwu0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwu0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwv0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwv0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bww0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bww0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwx0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwx0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwy0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwy0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwz0 {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\bwz0s {01c6308f-76fd-435d-bd27-840d07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\offline-8876480 {01C6308F-76FD-435D-BD27-840D07331059} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/01/13 08:09:03 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
    Unable to start service SrService!

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/10 19:14:35 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2010/08/09 19:41:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
    [2010/08/09 19:38:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/08 19:31:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/08 19:23:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/14 22:27:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2010/07/14 21:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/13 22:27:39 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/07/12 21:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
    [2010/07/12 21:57:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/12 21:57:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/12 21:57:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/12 21:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/12 21:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/12 21:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/12 21:33:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/06/29 19:32:16 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/11 19:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/06/07 19:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\ZoomBrowser EX
    [2010/06/07 06:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\CameraWindowDC
    [2010/06/07 06:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\CANON INC
    [2010/05/30 13:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
    [2010/05/30 13:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/10 19:18:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/10 19:18:30 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2010/08/10 19:18:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/10 19:18:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/10 19:17:58 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/10 19:16:42 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
    [2010/08/10 19:16:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
    [2010/08/10 19:15:39 | 003,100,198 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
    [2010/08/10 19:14:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2010/08/10 19:14:01 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\User\Desktop\mbr.exe
    [2010/08/09 06:46:09 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/09 06:45:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/08 19:31:56 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2010/08/07 13:20:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\User\Desktop\MBRCheck.exe
    [2010/08/07 13:12:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\User\Desktop\w9suyide.exe
    [2010/08/03 21:23:39 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/08/03 20:55:38 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/03 19:23:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/29 22:54:08 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\User\Desktop\CCleaner.lnk
    [2010/07/21 23:22:34 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\User\My Documents\WMP 70 Queens Road.doc
    [2010/07/21 19:21:59 | 003,016,704 | ---- | M] () -- C:\Documents and Settings\User\My Documents\KIEC Cell 3A & Leachate Pond Verification Report DRAFT_20100721_Section 5 for review.doc
    [2010/07/20 22:32:01 | 000,034,918 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Dilbert6768_strip.gif
    [2010/07/20 19:32:16 | 000,653,599 | ---- | M] () -- C:\Documents and Settings\User\My Documents\20100720_KIEC Cell 3A Verification Report_Sect1-4.pdf
    [2010/07/15 20:34:13 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Client Feedback Survey_1a.doc
    [2010/07/15 20:27:00 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Ltr Councils concern s96 diversion creek reissue.doc
    [2010/07/12 21:57:30 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/12 21:48:09 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\User\My Documents\script.zip
    [2010/07/07 23:04:44 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\User\My Documents\60100219 KIEC CQA Note.doc
    [2010/07/05 19:29:24 | 001,369,057 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Noetix_Jun10_1.xls
    [2010/07/05 19:28:46 | 001,369,057 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Noetix_Jun10_1.zip
    [2010/06/29 19:32:29 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/06/29 06:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/29 06:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/29 06:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/29 06:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/29 06:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/29 06:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/29 06:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/29 06:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/29 06:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/25 19:54:18 | 000,493,082 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/25 19:54:18 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/25 19:54:18 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/23 20:09:05 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Lee.Sellick.Waste.doc
    [2010/06/23 19:47:14 | 001,095,751 | ---- | M] () -- C:\Documents and Settings\User\My Documents\AECOM Invoice No.9 (Signed).pdf
    [2010/06/23 19:42:40 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\User\My Documents\NSW Infra Assess Projects.doc
    [2010/06/23 19:19:42 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\User\My Documents\CV Steve.Robertson.doc
    [2010/06/23 19:01:42 | 001,700,454 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Tville Ind Park Study.pdf
    [2010/06/21 20:29:07 | 000,108,489 | ---- | M] () -- C:\Documents and Settings\User\My Documents\2010 Wills Offer.pdf
    [2010/06/21 19:58:35 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\User\My Documents\WIS PerfReview 21June10.xls
    [2010/06/20 21:14:22 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Proposal KIEC Onsite Construction Engineering Services Rev 1.doc
    [2010/06/20 21:12:08 | 000,058,368 | ---- | M] () -- C:\Documents and Settings\User\My Documents\RTA Ltr Second Stage LSEL review.doc
    [2010/06/20 21:05:04 | 004,135,936 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Box Hill Proposal LSEL Review.doc
    [2010/06/20 20:19:37 | 004,095,488 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Response.doc
    [2010/06/20 20:17:32 | 000,098,031 | ---- | M] () -- C:\Documents and Settings\User\My Documents\SharedSpaces-BriefingPack.pdf
    [2010/06/19 14:43:53 | 000,054,784 | ---- | M] () -- C:\Documents and Settings\User\My Documents\RTA Ltr Second Stage if work 2010 Al.doc
    [2010/06/19 14:43:04 | 003,938,369 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Response to Brief_Box Hill precinctsinfrastrcuture assessment_draft2.zip
    [2010/06/16 19:27:50 | 000,104,960 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Agenda WIS Project Delivery.doc
    [2010/06/16 19:25:19 | 000,034,784 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Memo WSN Traffic Impact Assessment Fee Proposal.pdf
    [2010/06/13 13:17:58 | 000,031,924 | ---- | M] () -- C:\Documents and Settings\User\My Documents\zoofriends receipt.MDI
    [2010/06/13 03:56:56 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/11 19:39:17 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/06/11 19:30:41 | 000,080,896 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Ltr ArrowBio at Jacks Gully with UK amends.doc
    [2010/05/30 13:49:59 | 000,000,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DCSD40-46 Software Starter Guide.lnk
    [2010/05/30 13:49:55 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Personal Printing Guide.lnk
    [2010/05/30 13:44:45 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
    [2010/05/25 07:59:48 | 000,273,408 | ---- | M] () -- C:\Documents and Settings\User\My Documents\100519_AECOM_Briefing_Questionnaire.doc
    [2010/05/19 22:24:51 | 000,015,117 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Draft Agenda Client Progress Meeting 21 May 2010.pdf
    [2010/05/19 20:00:14 | 000,034,858 | ---- | M] () -- C:\Documents and Settings\User\My Documents\100519_AECOM_Leadership_Interview_Agenda.pdf
    [2010/05/12 21:10:49 | 000,278,016 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Asia _ ANZ _ME Practice_call May 2010 SYD.doc
    [2010/05/12 20:14:01 | 000,002,726 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Mike Taylor Invoice 16QR.pdf
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  20. 2010/08/10
    PCPom

    OTL log Part 2...


    ========== Files Created - No Company Name ==========

    [2010/08/10 19:14:01 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\User\Desktop\mbr.exe
    [2010/08/08 19:31:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/08 19:31:47 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/07 13:20:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\User\Desktop\MBRCheck.exe
    [2010/08/07 13:12:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\User\Desktop\w9suyide.exe
    [2010/08/07 12:51:54 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/21 19:41:48 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\User\My Documents\WMP 70 Queens Road.doc
    [2010/07/21 19:21:51 | 003,016,704 | ---- | C] () -- C:\Documents and Settings\User\My Documents\KIEC Cell 3A & Leachate Pond Verification Report DRAFT_20100721_Section 5 for review.doc
    [2010/07/20 22:32:35 | 000,034,918 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Dilbert6768_strip.gif
    [2010/07/20 19:32:10 | 000,653,599 | ---- | C] () -- C:\Documents and Settings\User\My Documents\20100720_KIEC Cell 3A Verification Report_Sect1-4.pdf
    [2010/07/15 20:34:12 | 000,146,432 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Client Feedback Survey_1a.doc
    [2010/07/15 20:11:52 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Ltr Councils concern s96 diversion creek reissue.doc
    [2010/07/12 21:57:30 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/12 21:50:02 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\User\My Documents\script.zip
    [2010/07/12 21:48:27 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/07 22:58:42 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\User\My Documents\60100219 KIEC CQA Note.doc
    [2010/07/05 19:29:13 | 001,369,057 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Noetix_Jun10_1.xls
    [2010/07/05 19:28:36 | 001,369,057 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Noetix_Jun10_1.zip
    [2010/06/23 19:47:05 | 001,095,751 | ---- | C] () -- C:\Documents and Settings\User\My Documents\AECOM Invoice No.9 (Signed).pdf
    [2010/06/23 19:42:39 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\User\My Documents\NSW Infra Assess Projects.doc
    [2010/06/23 19:19:28 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\User\My Documents\CV Steve.Robertson.doc
    [2010/06/23 19:01:27 | 001,700,454 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Tville Ind Park Study.pdf
    [2010/06/21 20:28:51 | 000,108,489 | ---- | C] () -- C:\Documents and Settings\User\My Documents\2010 Wills Offer.pdf
    [2010/06/21 19:38:11 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\User\My Documents\WIS PerfReview 21June10.xls
    [2010/06/20 21:12:08 | 000,058,368 | ---- | C] () -- C:\Documents and Settings\User\My Documents\RTA Ltr Second Stage LSEL review.doc
    [2010/06/20 21:05:02 | 004,135,936 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Box Hill Proposal LSEL Review.doc
    [2010/06/20 20:19:13 | 004,095,488 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Response.doc
    [2010/06/20 20:17:27 | 000,098,031 | ---- | C] () -- C:\Documents and Settings\User\My Documents\SharedSpaces-BriefingPack.pdf
    [2010/06/19 14:43:51 | 000,054,784 | ---- | C] () -- C:\Documents and Settings\User\My Documents\RTA Ltr Second Stage if work 2010 Al.doc
    [2010/06/19 14:43:03 | 003,938,369 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Response to Brief_Box Hill precinctsinfrastrcuture assessment_draft2.zip
    [2010/06/17 19:51:14 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Proposal KIEC Onsite Construction Engineering Services Rev 1.doc
    [2010/06/16 19:27:47 | 000,104,960 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Agenda WIS Project Delivery.doc
    [2010/06/16 19:25:15 | 000,034,784 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Memo WSN Traffic Impact Assessment Fee Proposal.pdf
    [2010/06/13 13:17:56 | 000,031,924 | ---- | C] () -- C:\Documents and Settings\User\My Documents\zoofriends receipt.MDI
    [2010/06/11 19:39:17 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/06/11 19:24:09 | 000,080,896 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Ltr ArrowBio at Jacks Gully with UK amends.doc
    [2010/05/30 13:49:59 | 000,000,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DCSD40-46 Software Starter Guide.lnk
    [2010/05/30 13:49:55 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Personal Printing Guide.lnk
    [2010/05/30 13:44:45 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
    [2010/05/19 22:24:46 | 000,015,117 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Draft Agenda Client Progress Meeting 21 May 2010.pdf
    [2010/05/19 20:00:12 | 000,034,858 | ---- | C] () -- C:\Documents and Settings\User\My Documents\100519_AECOM_Leadership_Interview_Agenda.pdf
    [2010/05/19 19:57:37 | 000,273,408 | ---- | C] () -- C:\Documents and Settings\User\My Documents\100519_AECOM_Briefing_Questionnaire.doc
    [2010/05/12 20:16:15 | 000,278,016 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Asia _ ANZ _ME Practice_call May 2010 SYD.doc
    [2010/05/12 20:14:00 | 000,002,726 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Mike Taylor Invoice 16QR.pdf
    [2008/06/18 20:05:10 | 000,022,334 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/04/09 19:05:22 | 001,347,673 | ---- | C] () -- C:\WINDOWS\UnInstallAskeyAdsl.dll
    [2007/10/20 22:41:51 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
    [2007/04/02 21:50:28 | 000,000,052 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/03/29 21:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
    [2006/08/29 21:24:35 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2006/02/05 17:44:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/16 20:45:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2006/01/16 20:13:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/01/15 16:26:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2006/01/15 16:18:30 | 000,000,032 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
    [2006/01/13 07:41:18 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
    [2006/01/13 07:41:18 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
    [2006/01/13 07:41:18 | 000,004,052 | ---- | C] () -- C:\WINDOWS\unwise.ini
    [2006/01/13 07:39:55 | 000,000,222 | ---- | C] () -- C:\WINDOWS\Welcome.ini
    [2006/01/13 07:35:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/01/13 07:32:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2006/01/13 07:32:36 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2006/01/13 07:31:54 | 000,002,295 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
    [2006/01/13 07:28:33 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/07/03 00:25:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/08 09:16:16 | 000,000,010 | ---- | C] () -- C:\WINDOWS\Launcher.ini
    [2002/01/11 08:55:22 | 000,004,010 | ---- | C] () -- C:\WINDOWS\System32\egathdrv.sys
    [2001/06/09 09:54:30 | 000,003,478 | ---- | C] () -- C:\WINDOWS\translat.ini
    [1980/01/01 18:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [1980/01/01 18:00:00 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

    ========== LOP Check ==========

    [2010/06/11 19:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/08/06 22:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
    [2010/08/06 22:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2008/01/31 20:51:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2008/01/31 20:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/05/05 22:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
    [2010/05/05 20:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
    [2007/02/12 20:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\IBM
    [2006/01/21 08:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterTrust
    [2008/01/31 20:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia
    [2008/01/31 21:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nokia Multimedia Player
    [2008/07/17 21:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PC Suite
    [2006/01/15 03:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Simple Star
    [2006/01/16 09:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Snapfish
    [2010/08/06 22:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
    [2010/05/05 20:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Western Digital
    [2010/08/10 19:18:30 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/01/13 08:09:03 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2006/01/13 08:53:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/08 19:31:56 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2006/01/13 07:35:52 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
    [2006/01/13 07:42:58 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2006/01/13 07:05:30 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/09 07:01:14 | 000,013,117 | ---- | M] () -- C:\ComboFix.txt
    [2006/01/13 08:09:03 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2006/01/13 07:34:40 | 000,000,222 | ---- | M] () -- C:\CWUtilInst.log
    [2006/01/13 07:40:22 | 000,001,125 | ---- | M] () -- C:\drivez.log
    [2010/08/10 19:17:58 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
    [2006/01/13 08:09:03 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2006/01/13 07:39:14 | 000,000,155 | ---- | M] () -- C:\LOGFILE.txt
    [2009/12/13 17:04:31 | 000,006,767 | ---- | M] () -- C:\lvcoinst.log
    [2009/09/01 20:34:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/01/13 08:44:42 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/10/25 08:25:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/10 19:17:55 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2006/01/13 07:38:46 | 000,000,910 | ---- | M] () -- C:\SYSLEVEL.IBM
     
  21. 2010/08/10
    PCPom

    OTL Extras...

    OTL Extras logfile created on: 8/10/2010 7:28:16 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\User\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 156.00 Mb Available Physical Memory | 31.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 10.53 Gb Free Space | 28.26% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IBM-NLCIT72HLZ9
    Current User Name: User
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
    "{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}" = Nokia Connectivity Cable Driver
    "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
    "{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
    "{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
    "{27509BD0-A48A-11D4-9D5C-00010234834B}" = Aironet Client Utility
    "{29466F9C-7C6A-419C-B301-F440FAF78760}" = Nokia PC Suite
    "{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3638411A-C5DB-4916-BA1A-9C2A6AD1BBBB}" = Askey ADSL Router USB Driver
    "{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup
    "{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
    "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
    "{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access ThinkPad
    "{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
    "{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
    "{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
    "{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
    "6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows Driver Package - Nokia Modem (10/12/2007 3.6)
    "819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.4
    "avast5" = avast! Free Antivirus
    "CAL" = Canon Camera Access Library
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon MOV Decoder" = Canon MOV Decoder
    "Canon MOV Encoder" = Canon MOV Encoder
    "CCleaner" = CCleaner
    "EasyEject Utility" = IBM ThinkPad EasyEject Utility
    "IBM Access Support" = IBM ThinkPad Access Support
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
    "InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
    "InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Nokia PC Suite" = Nokia PC Suite
    "Panda ActiveScan" = Panda ActiveScan
    "PC-Doctor" = Uninstall PC-Doctor
    "Personal Printing Guide" = Canon Personal Printing Guide
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
    "Power Management Driver" = IBM ThinkPad Power Management Driver
    "Presentation Director" = IBM ThinkPad Presentation Director
    "PROSet" = Intel(R) PRO Ethernet Adapter and Software
    "QcDrv" = Logitech® Camera Driver
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer
    "Recuva" = Recuva (remove only)
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
    "Support.com" = Support.com Software
    "SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
    "ThinkPad Configuration" = IBM ThinkPad Configuration
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "ThinkPadSoftwareInstaller" = ThinkPad Software Installer
    "VLC media player" = VideoLAN VLC media player 0.8.6d
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dulux MyColour4" = Dulux MyColour4

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 11/8/2009 3:26:28 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = avast! | ID = 33554522
    Description =

    Error - 11/10/2009 3:41:03 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 8/7/2010 12:41:43 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/8/2010 12:28:59 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/8/2010 12:29:00 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 8/8/2010 12:31:06 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a3b57.

    Error - 8/8/2010 12:42:45 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Application Error | ID = 1000
    Description = Faulting application , version 0.0.0.0, faulting module unknown, version
    0.0.0.0, fault address 0x00000000.

    Error - 8/8/2010 1:08:11 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Application Error | ID = 1004
    Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
    unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 8/8/2010 1:10:34 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a3b57.

    Error - 8/8/2010 5:45:02 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/8/2010 5:45:03 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 8/8/2010 5:46:17 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x001a3b57.

    [ System Events ]
    Error - 8/10/2010 5:18:57 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
    Reference
    error message: The operation completed successfully. .

    Error - 8/10/2010 5:18:57 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 8/10/2010 5:18:57 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
    error message: The referenced assembly is not installed on your system. .

    Error - 8/10/2010 5:18:57 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL.
    Reference
    error message: The operation completed successfully. .

    Error - 8/10/2010 5:19:00 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
    Error was The referenced assembly is not installed on your system.

    Error - 8/10/2010 5:19:00 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
    error message: The referenced assembly is not installed on your system. .

    Error - 8/10/2010 5:19:00 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
    Reference
    error message: The operation completed successfully. .

    Error - 8/10/2010 5:21:49 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Dhcp | ID = 1002
    Description = The IP address lease 10.1.1.3 for the Network Card with network address
    00096B939111 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a
    DHCPNACK message).

    Error - 8/10/2010 5:30:04 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 8/10/2010 5:30:05 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2


    < End of report >
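The "Last 10 Event Log Errors" block above is the part of an OTL report that is worth reading systematically: three crashes of svchost.exe at the same fault address (0x001a3b57) in an "unknown" module, crypt32 unable to fetch the trusted root list, and System Restore failing to start. The following parser is an added example written for this page (it is not part of OTL, and not code posted in the thread); the sample text is a subset of the entries copied from the log above, and the triage rules are the editor's own assumptions about what a helper would look for first.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the OTL "Last 10 Event Log Errors" entries
# reproduced from the report above. OTL wraps long descriptions across lines
# and separates entries with a blank line.
SAMPLE = """[ Application Events ]
Error - 8/7/2010 12:41:43 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/8/2010 12:28:59 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 8/8/2010 12:31:06 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a3b57.

Error - 8/8/2010 12:42:45 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 8/8/2010 1:10:34 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a3b57.

[ System Events ]
Error - 8/10/2010 5:30:04 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 8/10/2010 5:30:05 AM | Computer Name = IBM-NLCIT72HLZ9 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
"""

SECTION_RE = re.compile(r'^\[ (?P<section>.+?) \]$')
HEADER_RE = re.compile(
    r'^Error - (?P<ts>.+?) \| Computer Name = (?P<host>.+?) \| '
    r'Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')
# Event ID 1000 description, after the wrapped lines have been re-joined.
FAULT_RE = re.compile(
    r'Faulting application (?P<app>\S*), version \S+, faulting module '
    r'(?P<mod>\S+), version \S+, fault address (?P<addr>0x[0-9a-fA-F]+)')


@dataclass
class EventError:
    section: str
    timestamp: str
    host: str
    source: str
    event_id: int
    description: str


def parse_otl_events(text):
    """Turn the OTL event-log section into EventError records."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group('section')
            continue
        m = HEADER_RE.match(line)
        if m:
            current = EventError(section, m.group('ts'), m.group('host'),
                                 m.group('source').strip(), int(m.group('id')), '')
            events.append(current)
            continue
        if current is None:
            continue
        if not line:                      # blank line closes the entry
            current = None
            continue
        if line.startswith('Description ='):
            line = line[len('Description ='):].strip()
        current.description = (current.description + ' ' + line).strip()
    return events


def triage(events):
    """Editor's own triage rules (assumption): flag the patterns a helper
    would want to see first rather than reading ten entries by hand."""
    faults = Counter()
    for e in events:
        if e.source == 'Application Error':
            m = FAULT_RE.search(e.description)
            if m:
                faults[(m.group('app') or '<blank>', m.group('addr'))] += 1
    return {
        'by_source': dict(Counter(e.source for e in events)),
        # Same process dying repeatedly at one address in an "unknown" module
        # is what injected code in a service host looks like from the log side.
        'repeated_faults': {k: v for k, v in faults.items() if v > 1},
        # crypt32 131080: the machine cannot refresh its trusted root list.
        'authroot_update_failed': any(e.source == 'crypt32' and e.event_id == 131080
                                      for e in events),
        'system_restore_failed': any(e.source == 'SRService' or
                                     (e.source == 'Service Control Manager' and
                                      'System Restore' in e.description)
                                     for e in events),
    }


if __name__ == '__main__':
    for key, value in triage(parse_otl_events(SAMPLE)).items():
        print(f'{key}: {value}')
```

The crypt32 and DHCPNACK entries on their own only say the network was unreliable at that moment; the pattern that matters is the svchost.exe fault recurring at one address, which is why the triage keys on (process, address) pairs rather than on raw error counts.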
     
