
Solved Internet Explorer 7 Will Not Launch after Trojan was removed

Discussion in 'Malware and Virus Removal Archive' started by BigMarklin, 2010/09/26.

  1. 2010/09/26
    BigMarklin (Thread Starter)
    [Resolved] Internet Explorer 7 Will Not Launch after Trojan was removed

    Explorer 7 for WinXP will not start or open ANY pages after a virus scan detected and eliminated a Trojan. All other aspects of the computer appear to be operating normally. The IE window starts to open. There is a brief flash and a disk drive icon in the lower left of the window. Then the window closes.

    I don't know if this is related, but I keep getting a message when I log on to the computer that Windows cannot load my user profile due to insufficient system resources, and it logs me on to a default profile.

    Any and all help will be greatly appreciated!
     
  2. 2010/09/26
    Admin. (Administrator, Staff)
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     


  4. 2010/09/26
    BigMarklin (Thread Starter)
    Here is the DDS.txt file


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Jim at 12:08:51.43 on Sun 09/26/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.290 [GMT -4:00]

    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    ============== Running Processes ===============

    C:\Program Files\Common Files\Virtual Token\vtserver.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Executive Software\Diskeeper\DkService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
    C:\IBMTOOLS\UTILS\ibmprc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\jim\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    mSearchAssistant = hxxp://home.peoplepc.com/search
    BHO: AutorunsDisabled - No File
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
    mRun: [TpShocks] TpShocks.exe
    mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
    mRun: [TP4EX] tp4ex.exe
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
    mRun: [QCTray] c:\progra~1\thinkpad\connec~1\QCTray.exe
    mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    IE: Convert link target to Adobe PDF
    IE: Convert link target to existing PDF
    IE: Convert selected links to Adobe PDF
    IE: Convert selected links to existing PDF
    IE: Convert selection to Adobe PDF
    IE: Convert selection to existing PDF
    IE: Convert to Adobe PDF
    IE: Convert to existing PDF
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - hxxps://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
    DPF: {204D07F5-A3D9-4872-9A11-C750A5B52163} - hxxps://app.primecontract.com/primecontractsupport/brava/PreloadX.cab
    DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} - hxxp://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262362662208
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262363863328
    DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab
    Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    Notify: psfus - c:\program files\ibm fingerprint software\psfus.dll
    Notify: QConGina - QConGina.dll
    Notify: tphotkey - tphklock.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    LSA: Authentication Packages = msv1_0 relog_ap
    LSA: Notification Packages = scecli pwdmon
    IFEO: AutorunsDisabled - ntsd -d

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jim\applic~1\mozilla\firefox\profiles\uzcifgud.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
    FF - component: c:\documents and settings\jim\application data\mozilla\firefox\profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\jim\application data\mozilla\firefox\profiles\uzcifgud.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
    FF - component: c:\documents and settings\jim\application data\mozilla\firefox\profiles\uzcifgud.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\documents and settings\jim\application data\move networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\documents and settings\jim\application data\mozilla\firefox\profiles\uzcifgud.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    ============= SERVICES / DRIVERS ===============

    R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [2004-12-16 6912]
    R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2005-3-3 14208]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-2-29 255096]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-2-29 242808]
    R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-7-20 1258712]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100924.004\naveng.sys [2010-9-24 85424]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100924.004\navex15.sys [2010-9-24 1362608]
    R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2005-3-3 6016]
    S1 HWiNFO32;HWiNFO32 Kernel Driver; [x]
    S2 mrtRate;mrtRate; [x]
    S2 NatMotion;NatMotion; [x]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-2-29 87160]
    S3 gpibclsb;GPIB Board Class Driver;c:\windows\system32\drivers\gpibclsb.sys --> c:\windows\system32\drivers\gpibclsb.sys [?]
    S3 gpibclsd;GPIB Device Class Driver;c:\windows\system32\drivers\gpibclsd.sys --> c:\windows\system32\drivers\gpibclsd.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2; [x]
    S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-3-3 12288]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-3-12 169192]

    =============== Created Last 30 ================

    2010-09-26 13:34:58 0 d-----w- c:\program files\AML Products
    2010-09-25 21:23:24 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-09-25 21:23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-09-25 01:31:59 0 d-----w- c:\docume~1\jim\applic~1\QuickScan
    2010-09-20 23:21:54 0 d-----w- c:\docume~1\jim\applic~1\Malwarebytes
    2010-09-20 23:21:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-20 23:21:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-09-20 23:21:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-20 23:21:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-20 21:32:44 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-09-12 19:20:07 0 d-----w- c:\windows\system32\NtmsData
    2010-09-12 14:31:45 83168 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-09-12 14:31:45 82832 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-09-12 14:31:36 0 d-----w- c:\program files\Symantec AntiVirus
    2010-09-12 14:31:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2010-09-07 03:45:43 0 d-----w- c:\windows\system32\wbem\Repository
    2010-09-07 02:55:44 5760 ------w- c:\windows\system32\74F.tmp
    2010-09-07 02:55:10 0 d-----w- c:\program files\Sophos
    2010-09-06 22:16:38 0 d-----w- c:\documents and settings\jim\IECompatCache
    2010-09-06 21:31:35 8224768 ----a-w- C:\ntuser.dat
    2010-09-04 18:45:35 0 d-----w- c:\documents and settings\jim\PrivacIE
    2010-09-04 18:35:29 0 d-----w- c:\documents and settings\jim\IETldCache
    2010-09-04 18:26:19 0 d-----w- c:\windows\ie8updates
    2010-09-04 18:20:01 0 dc----w- c:\windows\ie8

    ==================== Find3M ====================

    2010-09-13 01:23:29 90112 ----a-w- c:\windows\DUMPc43a.tmp
    2010-09-13 01:22:15 90112 ----a-w- c:\windows\DUMPb9da.tmp
    2010-09-04 17:46:01 94208 ----a-w- c:\windows\DUMPc4a7.tmp
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-17 13:17:06 58880 ------w- c:\windows\system32\dllcache\spoolsv.exe
    2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 15:49:15 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2008-06-20 02:16:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061920080620\index.dat

    ============= FINISH: 12:10:09.12 ===============


    Here is the ATTACH.txt file


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/29/2005 7:49:21 PM
    System Uptime: 9/26/2010 11:46:01 AM (1 hours ago)

    Motherboard: IBM | | 266897U
    Processor: Intel(R) Pentium(R) M processor 2.00GHz | None | 798/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 71 GiB total, 46.451 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP631: 9/12/2010 11:30:00 AM - I think it's working; reinstalled Symantec AV
    RP632: 9/17/2010 11:25:10 PM - System Checkpoint
    RP633: 9/18/2010 1:17:34 PM - Removed Microsoft Visual C++ 2005 Redistributable
    RP634: 9/18/2010 1:18:03 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP635: 9/18/2010 1:19:05 PM - Installed SeaTools for Windows
    RP636: 9/18/2010 3:44:41 PM - Revo Uninstaller's restore point - Extensis Portfolio 8
    RP637: 9/18/2010 3:47:11 PM - Removed Extensis Portfolio 8
    RP638: 9/20/2010 5:19:17 PM - Restore Operation
    RP639: 9/20/2010 5:42:41 PM - Before malware check
    RP640: 9/23/2010 10:41:08 PM - Revo Uninstaller's restore point - SeaTools for Windows
    RP641: 9/23/2010 10:41:39 PM - Removed SeaTools for Windows
    RP642: 9/23/2010 10:43:27 PM - Revo Uninstaller's restore point - SUPERAntiSpyware
    RP643: 9/24/2010 9:05:22 PM - Update
    RP644: 9/25/2010 6:02:01 PM - Software Distribution Service 3.0
    RP645: 9/26/2010 8:43:10 AM - Software Distribution Service 3.0
    RP646: 9/26/2010 10:09:57 AM - Revo Uninstaller's restore point - Uniblue RegistryBooster

    ==== Installed Programs ======================

    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    X-Win32
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    9/26/2010 9:47:46 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000054, parameter2 00000002, parameter3 00000001, parameter4 80500d1c.
    9/26/2010 9:19:28 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/26/2010 9:18:09 AM, error: Service Control Manager [7034] - The Retrospect Launcher service terminated unexpectedly. It has done this 1 time(s).
    9/26/2010 9:15:25 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/26/2010 8:31:16 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 960000 milliseconds: Restart the service.
    9/26/2010 8:29:35 AM, error: Service Control Manager [7031] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/26/2010 10:31:02 AM, error: System Error [1003] - Error code 1000000a, parameter1 00770000, parameter2 00000002, parameter3 00000000, parameter4 80500d23.
    9/25/2010 5:32:57 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 837f1878, parameter3 837f1950, parameter4 0a1b000f.
    9/24/2010 9:01:15 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80515499, parameter3 ef710acc, parameter4 00000000.
    9/20/2010 8:47:27 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    9/20/2010 5:20:17 PM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: Not enough storage is available to process this command.
    9/20/2010 5:20:17 PM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Not enough storage is available to process this command.
    9/20/2010 5:19:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: HWiNFO32
    9/20/2010 5:19:08 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    9/20/2010 4:59:27 PM, error: System Error [1003] - Error code 1000000a, parameter1 0000002d, parameter2 00000002, parameter3 00000000, parameter4 804e5e53.
    9/19/2010 11:03:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.
    9/19/2010 11:03:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Retrospect Helper service to connect.
    9/19/2010 11:03:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IBM KCU Service service to connect.
    9/19/2010 11:03:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IBM HDD APS Logging Service service to connect.
    9/19/2010 11:03:33 AM, error: Service Control Manager [7000] - The Retrospect Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/19/2010 11:03:33 AM, error: Service Control Manager [7000] - The IBM KCU Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    9/19/2010 11:03:33 AM, error: Service Control Manager [7000] - The IBM HDD APS Logging Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================

    Thanks!
     
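An added example, not part of this thread or of the DDS tool: a small Python parser for the "Event Viewer Messages" block that DDS prints, which decodes the STOP codes carried in System Error 1003 events and tallies Service Control Manager failures so repeated crashes and "Not enough storage" errors stand out at a glance. The sample input is assembled from lines in the log above; the stop-code table, the function names (`parse_line`, `summarize`) and the output layout are this example's own choices.

```python
import re
from collections import Counter

# Sample input: six lines taken from the DDS "Event Viewer Messages" block above,
# embedded here so the example runs stand-alone.
SAMPLE_LOG = """\
9/26/2010 9:47:46 AM, error: System Error [1003] - Error code 1000000a, parameter1 00000054, parameter2 00000002, parameter3 00000001, parameter4 80500d1c.
9/26/2010 9:19:28 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/25/2010 5:32:57 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 837f1878, parameter3 837f1950, parameter4 0a1b000f.
9/24/2010 9:01:15 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 80515499, parameter3 ef710acc, parameter4 00000000.
9/20/2010 5:20:17 PM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Not enough storage is available to process this command.
9/20/2010 5:19:08 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
"""

# DDS line shape: "<date> <time>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
BUGCHECK_RE = re.compile(r"Error code ([0-9a-f]{8})", re.I)

# XP's event 1003 records some stop codes with bit 28 set (1000000a for STOP 0x0A,
# 1000008e for STOP 0x8E), so the bit is masked off before the lookup.
# Only the three codes seen in this thread are tabled; anything else is shown as hex.
BUGCHECK_NAMES = {
    0x0000000A: "IRQL_NOT_LESS_OR_EQUAL",
    0x00000019: "BAD_POOL_HEADER",
    0x0000008E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED",
}


def parse_line(line):
    """Return a dict for one DDS event line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["event_id"] = int(rec["event_id"])
    rec["bugcheck"] = None
    if rec["source"] == "System Error" and rec["event_id"] == 1003:
        bc = BUGCHECK_RE.search(rec["message"])
        if bc:
            code = int(bc.group(1), 16)
            rec["bugcheck"] = BUGCHECK_NAMES.get(code & 0x0FFFFFFF, "0x%08X" % code)
    return rec


def summarize(text):
    """Tally crashes by stop code, SCM events by ID, and resource-exhaustion messages."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    return {
        "crashes": Counter(r["bugcheck"] for r in records if r["bugcheck"]),
        "service_events": Counter(
            r["event_id"] for r in records if r["source"] == "Service Control Manager"
        ),
        "resource_exhaustion": [
            r["message"] for r in records if "Not enough storage" in r["message"]
        ],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

Running it on the full block above groups the four 1003 events by stop code and lists the two "Not enough storage" lines under `resource_exhaustion`; a hex code outside the small table is printed unchanged rather than guessed.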
  5. 2010/09/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/09/27
    BigMarklin

    BigMarklin Inactive Thread Starter

    Joined:
    2010/09/26
    Messages:
    27
    Likes Received:
    0
    Broni, thank you for your quick response. Here are the 3 files.

    malwarebytes
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4701

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    9/26/2010 11:57:42 PM
    mbam-log-2010-09-26 (23-57-42).txt

    Scan type: Quick scan
    Objects scanned: 176644
    Time elapsed: 10 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-27 01:11:35
    Windows 5.1.2600 Service Pack 3
    Running: 9ud8jgry.exe; Driver: C:\DOCUME~1\jim\LOCALS~1\Temp\kgldqpob.sys


    ---- System - GMER 1.0.15 ----

    SSDT E1C74108 ZwConnectPort

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[420] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7B167AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7B1686E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7B1686E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7B167AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7B167AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F7B1686E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7B1686E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7B167AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7B1686E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7B167AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7B1686E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [F7B1686E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [F7B167AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7B1686E] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7B167AC] ANCSQ.sys (IBM Rescue and Recovery- ANCSQ/IBM Corp.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 TPInput.sys (IBM SATA Power Management Driver/IBM Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 TPInput.sys (IBM SATA Power Management Driver/IBM Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (TrueImage Backup Archive Explorer/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (TrueImage Backup Archive Explorer/Acronis)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \FileSystem\Fastfat \Fat EEDA5D20

    AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Files - GMER 1.0.15 ----

    File C:\RRUbackups\Documents and Settings 0 bytes
    File C:\RRUbackups\Documents and Settings\Administrator 0 bytes
    File C:\RRUbackups\Documents and Settings\Administrator\Application Data 0 bytes
    File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
    File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
    File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
    File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500 0 bytes
    File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500\65aa0af7-427e-4a2e-8537-b08a8a481ed3 388 bytes
    File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500\Preferred 24 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz 0 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data 0 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft 0 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect 0 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\CREDHIST 24 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1005 0 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1005\01e79ede-3752-40cb-ae0b-8783e3bccf66 388 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1005\0875614f-cc21-468e-9dd8-8d65e17a80ff 388 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1005\08ff75f1-a53d-4492-95b7-cd48a4ada7c0 388 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1005\2a83b634-1678-4e79-8c94-29d31affce54 388 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1005\790920b5-4286-4223-9e72-c3ab6af4e081 388 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1005\8123087a-9789-46a0-9cb2-07acef6a1f07 388 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1005\8eb9eb87-ea9d-44e4-9244-0976f7a79f7d 388 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1005\e57a9e53-b747-41a9-8cb3-b58405ba2538 388 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1005\f54f123d-8767-49cc-819c-a61df6349223 388 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1005\Preferred 24 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500 0 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500\65aa0af7-427e-4a2e-8537-b08a8a481ed3 388 bytes
    File C:\RRUbackups\Documents and Settings\Anton Khabbaz\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500\Preferred 24 bytes
    File C:\RRUbackups\Documents and Settings\Default User 0 bytes
    File C:\RRUbackups\Documents and Settings\Default User\Application Data 0 bytes
    File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
    File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
    File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
    File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500 0 bytes
    File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500\65aa0af7-427e-4a2e-8537-b08a8a481ed3 388 bytes
    File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500\Preferred 24 bytes
    File C:\RRUbackups\Documents and Settings\jim 0 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data 0 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft 0 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect 0 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\CREDHIST 24 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1009 0 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1009\23f3296c-ff2e-462d-99f7-8783c83f2989 388 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1009\2edc904a-3705-4063-8a44-38a3b48c6bf2 388 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1009\465ff6ec-1bf2-494e-b8e0-1c10e3690b15 388 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1009\568d8d7d-8b26-4277-ae25-74d5fa591c9b 388 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1009\887a22ce-1314-4e85-8534-0b4fa49d2247 388 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1009\9023e5ca-dc93-453e-ad43-34887428d24b 388 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1009\a97af51d-b7c9-4440-b6d0-1a1a2161df19 388 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1009\d9d9d2bd-227e-425d-934f-ea7d7c40b601 388 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1009\e5259147-b7e4-44fb-ad1e-27f729a08ff7 388 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-638518679-954149168-2782664844-1009\Preferred 24 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500 0 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500\65aa0af7-427e-4a2e-8537-b08a8a481ed3 388 bytes
    File C:\RRUbackups\Documents and Settings\jim\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500\Preferred 24 bytes
    File C:\RRUbackups\Documents and Settings\Nancy 0 bytes
    File C:\RRUbackups\Documents and Settings\Nancy\Application Data 0 bytes
    File C:\RRUbackups\Documents and Settings\Nancy\Application Data\Microsoft 0 bytes
    File C:\RRUbackups\Documents and Settings\Nancy\Application Data\Microsoft\Protect 0 bytes
    File C:\RRUbackups\Documents and Settings\Nancy\Application Data\Microsoft\Protect\CREDHIST 24 bytes
    File C:\RRUbackups\Documents and Settings\Nancy\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500 0 bytes
    File C:\RRUbackups\Documents and Settings\Nancy\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500\65aa0af7-427e-4a2e-8537-b08a8a481ed3 388 bytes
    File C:\RRUbackups\Documents and Settings\Nancy\Application Data\Microsoft\Protect\S-1-5-21-907929423-3892029867-2060552568-500\Preferred 24 bytes
    File C:\RRUbackups\hints.dat 8192 bytes
    File C:\RRUbackups\pu.dat 224 bytes
    File C:\RRUbackups\SAM 32768 bytes
    File C:\RRUbackups\system 11796480 bytes
    File C:\RRUbackups\system.dat 12288 bytes

    ---- EOF - GMER 1.0.15 ----

    MBRcheck
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 177):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF7B10000 \WINDOWS\system32\KDCOM.DLL
    0xF7A20000 \WINDOWS\system32\BOOTVID.dll
    0xF74E1000 ACPI.sys
    0xF7B12000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF74D0000 pci.sys
    0xF7610000 isapnp.sys
    0xF7A24000 compbatt.sys
    0xF7A28000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7BD8000 pciide.sys
    0xF7890000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF74B2000 pcmcia.sys
    0xF7620000 MountMgr.sys
    0xF7493000 ftdisk.sys
    0xF7B14000 dmload.sys
    0xF746D000 dmio.sys
    0xF7898000 PartMgr.sys
    0xF7A2C000 ACPIEC.sys
    0xF7BD9000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF7630000 Shockprf.sys
    0xF7A30000 TPDiskPM.sys
    0xF7640000 VolSnap.sys
    0xF7455000 atapi.sys
    0xF7650000 disk.sys
    0xF7660000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7435000 fltmgr.sys
    0xF7423000 sr.sys
    0xF7670000 PxHelp20.sys
    0xF740E000 drvmcdb.sys
    0xF73F7000 KSecDD.sys
    0xF736A000 Ntfs.sys
    0xF7B16000 ANCSQ.sys
    0xF733D000 \WINDOWS\System32\drivers\NDIS.SYS
    0xF7300000 timntr.sys
    0xF72E8000 snapman.sys
    0xF72CE000 Mup.sys
    0xF71A2000 btkrnl.sys
    0xF7860000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF6B7E000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF6B6A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6B4B000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xF7930000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6B27000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7938000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6AC6000 \SystemRoot\system32\DRIVERS\ar5211.sys
    0xF6A86000 \SystemRoot\system32\drivers\smwdm.sys
    0xF6A62000 \SystemRoot\system32\drivers\portcls.sys
    0xF7870000 \SystemRoot\system32\drivers\drmk.sys
    0xF6A3F000 \SystemRoot\system32\drivers\ks.sys
    0xF6A1F000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF69EE000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    0xF68EF000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF6847000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF7940000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7880000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7948000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7B3E000 \SystemRoot\System32\DRIVERS\TPInput.sys
    0xF681B000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7B40000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7950000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7958000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF76A0000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7135000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF6807000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7960000 \SystemRoot\system32\DRIVERS\nscirda.sys
    0xF7131000 \SystemRoot\system32\DRIVERS\irenum.sys
    0xF7129000 \SystemRoot\system32\DRIVERS\NscTpmDD.sys
    0xF7125000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7121000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0xF76B0000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7B42000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xF7119000 \SystemRoot\system32\drivers\pfc.sys
    0xF76C0000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76D0000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7968000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF7970000 \SystemRoot\system32\drivers\btaudio.sys
    0xF7D21000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7978000 \SystemRoot\system32\DRIVERS\rasirda.sys
    0xF7980000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF76E0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF710D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF67F0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76F0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7700000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF67DF000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7710000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7988000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7990000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF679A000 \SystemRoot\system32\DRIVERS\btwdndis.sys
    0xF7998000 \SystemRoot\system32\DRIVERS\btport.sys
    0xF676A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7720000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7B44000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF666C000 \SystemRoot\system32\DRIVERS\update.sys
    0xF6DB8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7730000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7780000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF714D000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF79A8000 \SystemRoot\System32\Drivers\tcusb.sys
    0xF25AB000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
    0xF2598000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
    0xF77D0000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
    0xF244C000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100924.004\navex15.sys
    0xF2438000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100924.004\naveng.sys
    0xF7B56000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7BFE000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B58000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF79E0000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF79F0000 \SystemRoot\System32\drivers\vga.sys
    0xF7B5E000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B60000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF79F8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A00000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF67D7000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF2405000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF23AC000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF236C000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0xF2346000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF7810000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF231E000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF22FC000 \SystemRoot\System32\drivers\afd.sys
    0xF7820000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF78F8000 \SystemRoot\System32\drivers\TSMAPIP.SYS
    0xF7908000 \SystemRoot\System32\drivers\Tppwrif.sys
    0xF25FA000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xF7910000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xF7920000 \SystemRoot\System32\drivers\Smapint.sys
    0xF7BA8000 \SystemRoot\System32\Drivers\ShockMgr.SYS
    0xF2211000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF21A1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7CEF000 \SystemRoot\System32\drivers\IBMBLDID.SYS
    0xF7840000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF67CB000 \SystemRoot\System32\drivers\ANC.SYS
    0xF675A000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF2161000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7B26000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF260A000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF79E8000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7CB0000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF057000 \SystemRoot\System32\ati2cqag.dll
    0xBF0AE000 \SystemRoot\System32\atikvmag.dll
    0xBF0FD000 \SystemRoot\System32\ati3duag.dll
    0xBF3B6000 \SystemRoot\System32\ativvaxx.dll
    0xF77E0000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF78B8000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
    0xF7C61000 \SystemRoot\system32\dla\tfsndres.sys
    0xEFDBB000 \SystemRoot\system32\dla\tfsnifs.sys
    0xEFE89000 \SystemRoot\system32\dla\tfsnopio.sys
    0xF7BA0000 \SystemRoot\system32\dla\tfsnpool.sys
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF78E8000 \SystemRoot\system32\dla\tfsnboio.sys
    0xF228C000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7CEB000 \SystemRoot\system32\dla\tfsndrct.sys
    0xEFD7A000 \SystemRoot\system32\dla\tfsnudf.sys
    0xEFD61000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xEFB93000 \SystemRoot\system32\DRIVERS\irda.sys
    0xEFE3D000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
    0xEFCB1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xEF8E6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7CD5000 \SystemRoot\System32\Drivers\cvintdrv.SYS
    0xEFA93000 \SystemRoot\System32\Drivers\Aspi32.SYS
    0xF7B52000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
    0xEFA5B000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
    0xEF8E2000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF7B6E000 \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
    0xEF727000 \SystemRoot\system32\DRIVERS\srv.sys
    0xEF2B2000 \SystemRoot\system32\drivers\wdmaud.sys
    0xEF5CF000 \SystemRoot\system32\drivers\sysaudio.sys
    0xEEFDC000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0xEEDC2000 \??\C:\DOCUME~1\jim\LOCALS~1\Temp\kgldqpob.sys
    0xEED9E000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xEED73000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 52):
    0 System Idle Process
    4 System
    848 C:\WINDOWS\system32\smss.exe
    904 csrss.exe
    932 C:\WINDOWS\system32\winlogon.exe
    976 C:\WINDOWS\system32\services.exe
    988 C:\WINDOWS\system32\lsass.exe
    1168 C:\Program Files\Common Files\Virtual Token\vtserver.exe
    1212 C:\WINDOWS\system32\ibmpmsvc.exe
    1256 C:\WINDOWS\system32\ati2evxx.exe
    1276 C:\WINDOWS\system32\svchost.exe
    1336 svchost.exe
    1376 C:\WINDOWS\system32\svchost.exe
    1440 C:\WINDOWS\system32\ati2evxx.exe
    1604 svchost.exe
    1668 svchost.exe
    1764 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    1788 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    1920 C:\WINDOWS\system32\spoolsv.exe
    2036 svchost.exe
    280 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    304 C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    328 C:\Program Files\Symantec AntiVirus\DefWatch.exe
    352 C:\Program Files\Executive Software\Diskeeper\DkService.exe
    432 C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    568 C:\WINDOWS\system32\QCONSVC.EXE
    652 C:\Program Files\Dantz\Retrospect\retrorun.exe
    880 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    1464 C:\WINDOWS\system32\TPHDEXLG.exe
    1536 C:\WINDOWS\system32\TpKmpSvc.exe
    1572 wdfmgr.exe
    2212 C:\WINDOWS\system32\acs.exe
    2272 alg.exe
    1784 C:\WINDOWS\explorer.exe
    2080 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    3092 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3376 C:\WINDOWS\system32\TpShocks.exe
    3416 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    3540 C:\WINDOWS\system32\dla\tfswctrl.exe
    3552 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    3568 C:\WINDOWS\system32\rundll32.exe
    3600 C:\WINDOWS\MXOALDR.EXE
    3688 C:\PROGRA~1\ThinkPad\CONNEC~1\QCTRAY.EXE
    3712 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    3724 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    3752 C:\IBMTOOLS\utils\ibmprc.exe
    3812 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    3828 C:\PROGRA~1\SYMANT~1\VPTray.exe
    2412 C:\WINDOWS\system32\ctfmon.exe
    4004 C:\Program Files\Mozilla Firefox\firefox.exe
    420 C:\Program Files\Mozilla Firefox\plugin-container.exe
    384 C:\Documents and Settings\jim\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS541080G9AT00, Rev: MB4IA5BJ

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: A77FC752B9B9391EA825D18AA933BEB95B4C5309


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!
     
  7. 2010/09/27
    broni Moderator Malware Analyst

    Your MBR seems to be infected....

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  8. 2010/09/27
    BigMarklin Inactive Thread Starter

    Hi Broni,

    Here is the MBRCheck log

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 174):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806D0000 \WINDOWS\system32\hal.dll
    0xF7B10000 \WINDOWS\system32\KDCOM.DLL
    0xF7A20000 \WINDOWS\system32\BOOTVID.dll
    0xF74E1000 ACPI.sys
    0xF7B12000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF74D0000 pci.sys
    0xF7610000 isapnp.sys
    0xF7A24000 compbatt.sys
    0xF7A28000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7BD8000 pciide.sys
    0xF7890000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF74B2000 pcmcia.sys
    0xF7620000 MountMgr.sys
    0xF7493000 ftdisk.sys
    0xF7B14000 dmload.sys
    0xF746D000 dmio.sys
    0xF7898000 PartMgr.sys
    0xF7A2C000 ACPIEC.sys
    0xF7BD9000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF7630000 Shockprf.sys
    0xF7A30000 TPDiskPM.sys
    0xF7640000 VolSnap.sys
    0xF7455000 atapi.sys
    0xF7650000 disk.sys
    0xF7660000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7435000 fltmgr.sys
    0xF7423000 sr.sys
    0xF7670000 PxHelp20.sys
    0xF740E000 drvmcdb.sys
    0xF73F7000 KSecDD.sys
    0xF736A000 Ntfs.sys
    0xF7B16000 ANCSQ.sys
    0xF733D000 \WINDOWS\System32\drivers\NDIS.SYS
    0xF7300000 timntr.sys
    0xF72E8000 snapman.sys
    0xF72CE000 Mup.sys
    0xF71A2000 btkrnl.sys
    0xF7860000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF6B7E000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF6B6A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6B4B000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xF7930000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6B27000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7938000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF6AC6000 \SystemRoot\system32\DRIVERS\ar5211.sys
    0xF6A86000 \SystemRoot\system32\drivers\smwdm.sys
    0xF6A62000 \SystemRoot\system32\drivers\portcls.sys
    0xF7870000 \SystemRoot\system32\drivers\drmk.sys
    0xF6A3F000 \SystemRoot\system32\drivers\ks.sys
    0xF6A1F000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF69EE000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    0xF68EF000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF6847000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF7940000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7880000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7948000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7B3E000 \SystemRoot\System32\DRIVERS\TPInput.sys
    0xF681B000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7B40000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7950000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7958000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF76A0000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7135000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF6807000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7960000 \SystemRoot\system32\DRIVERS\nscirda.sys
    0xF7131000 \SystemRoot\system32\DRIVERS\irenum.sys
    0xF7129000 \SystemRoot\system32\DRIVERS\NscTpmDD.sys
    0xF7125000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7121000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0xF76B0000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7B42000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xF7119000 \SystemRoot\system32\drivers\pfc.sys
    0xF76C0000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF76D0000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7968000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF7970000 \SystemRoot\system32\drivers\btaudio.sys
    0xF7D21000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7978000 \SystemRoot\system32\DRIVERS\rasirda.sys
    0xF7980000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF76E0000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF710D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF67F0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76F0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7700000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF67DF000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7710000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7988000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7990000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF679A000 \SystemRoot\system32\DRIVERS\btwdndis.sys
    0xF7998000 \SystemRoot\system32\DRIVERS\btport.sys
    0xF676A000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7720000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7B44000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF666C000 \SystemRoot\system32\DRIVERS\update.sys
    0xF6DB8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7730000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7780000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7151000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF79A8000 \SystemRoot\System32\Drivers\tcusb.sys
    0xF25AB000 \??\C:\Program Files\Symantec AntiVirus\savrt.sys
    0xF2598000 \??\C:\Program Files\Symantec\SYMEVENT.SYS
    0xF77D0000 \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
    0xF244C000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100924.004\navex15.sys
    0xF2438000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100924.004\naveng.sys
    0xF7B56000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7BFD000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B58000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF79E0000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF79F0000 \SystemRoot\System32\drivers\vga.sys
    0xF7B5E000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B60000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF79F8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A00000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF67DB000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF2405000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF23AC000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF236C000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0xF2346000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF7810000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF231E000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF22FC000 \SystemRoot\System32\drivers\afd.sys
    0xF7820000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF78D8000 \SystemRoot\System32\drivers\TSMAPIP.SYS
    0xF78E0000 \SystemRoot\System32\drivers\Tppwrif.sys
    0xF664C000 \SystemRoot\System32\Drivers\TPHKDRV.SYS
    0xF78F0000 \SystemRoot\System32\drivers\TDSMAPI.SYS
    0xF7900000 \SystemRoot\System32\drivers\Smapint.sys
    0xF7BA2000 \SystemRoot\System32\Drivers\ShockMgr.SYS
    0xF2211000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF21A1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7BEC000 \SystemRoot\System32\drivers\IBMBLDID.SYS
    0xF7840000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7149000 \SystemRoot\System32\drivers\ANC.SYS
    0xF675A000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF2161000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7B2C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF2612000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7A08000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7CA8000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF057000 \SystemRoot\System32\ati2cqag.dll
    0xBF0AE000 \SystemRoot\System32\atikvmag.dll
    0xBF0FD000 \SystemRoot\System32\ati3duag.dll
    0xBF3B6000 \SystemRoot\System32\ativvaxx.dll
    0xF77F0000 \SystemRoot\system32\drivers\drvnddm.sys
    0xF78C0000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
    0xF7C76000 \SystemRoot\system32\dla\tfsndres.sys
    0xEFDBB000 \SystemRoot\system32\dla\tfsnifs.sys
    0xEFE8D000 \SystemRoot\system32\dla\tfsnopio.sys
    0xF7BA8000 \SystemRoot\system32\dla\tfsnpool.sys
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF7910000 \SystemRoot\system32\dla\tfsnboio.sys
    0xF227C000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7BF3000 \SystemRoot\system32\dla\tfsndrct.sys
    0xEFCDA000 \SystemRoot\system32\dla\tfsnudf.sys
    0xEFCC1000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xEFBBB000 \SystemRoot\system32\DRIVERS\irda.sys
    0xEFE41000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
    0xEFCB5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xEF8E6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7CCA000 \SystemRoot\System32\Drivers\cvintdrv.SYS
    0xEFA8F000 \SystemRoot\System32\Drivers\Aspi32.SYS
    0xF7B66000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
    0xEFA0B000 \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
    0xEF8CA000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xF7B8C000 \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
    0xEF791000 \SystemRoot\system32\drivers\wdmaud.sys
    0xEF953000 \SystemRoot\system32\drivers\sysaudio.sys
    0xEF464000 \SystemRoot\system32\DRIVERS\srv.sys
    0xEEEC8000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 53):
    0 System Idle Process
    4 System
    844 C:\WINDOWS\system32\smss.exe
    900 csrss.exe
    928 C:\WINDOWS\system32\winlogon.exe
    972 C:\WINDOWS\system32\services.exe
    984 C:\WINDOWS\system32\lsass.exe
    1164 C:\Program Files\Common Files\Virtual Token\vtserver.exe
    1208 C:\WINDOWS\system32\ibmpmsvc.exe
    1252 C:\WINDOWS\system32\ati2evxx.exe
    1272 C:\WINDOWS\system32\svchost.exe
    1332 svchost.exe
    1372 C:\WINDOWS\system32\svchost.exe
    1436 C:\WINDOWS\system32\ati2evxx.exe
    1592 svchost.exe
    1656 svchost.exe
    1760 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    1788 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    1928 C:\WINDOWS\system32\spoolsv.exe
    1988 svchost.exe
    276 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    300 C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    316 C:\Program Files\Symantec AntiVirus\DefWatch.exe
    412 C:\Program Files\Executive Software\Diskeeper\DkService.exe
    448 C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    692 C:\WINDOWS\system32\QCONSVC.EXE
    1512 C:\Program Files\Dantz\Retrospect\retrorun.exe
    1584 C:\WINDOWS\explorer.exe
    392 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    2044 C:\WINDOWS\system32\TPHDEXLG.exe
    2084 C:\WINDOWS\system32\TpKmpSvc.exe
    2104 wdfmgr.exe
    2332 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    2352 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2404 C:\WINDOWS\system32\TpShocks.exe
    2448 C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    2528 C:\WINDOWS\system32\dla\tfswctrl.exe
    2540 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    2600 C:\WINDOWS\system32\rundll32.exe
    2616 C:\WINDOWS\MXOALDR.EXE
    2632 C:\PROGRA~1\ThinkPad\CONNEC~1\QCTRAY.EXE
    2664 C:\IBMTOOLS\utils\ibmprc.exe
    2684 C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    2744 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    2772 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    2792 C:\PROGRA~1\SYMANT~1\VPTray.exe
    2864 C:\WINDOWS\system32\ctfmon.exe
    2980 C:\WINDOWS\system32\wuauclt.exe
    3444 C:\WINDOWS\system32\wscntfy.exe
    3448 wmiprvse.exe
    3572 C:\WINDOWS\system32\acs.exe
    1184 alg.exe
    224 C:\Documents and Settings\jim\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HTS541080G9AT00, Rev: MB4IA5BJ

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    Thanks. Also, I did get the profile message that I mentioned in my first post.
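An added example, not MBRCheck's or NTBR's own code (the thread shows neither), of what the "Install Standard MBR code" step above changes and what an MBRCheck-style verdict rests on: it parses a 512-byte MBR, hashes the boot code against an allowlist, and walks the partition table to recover the `0x7e00` offset printed in both logs. The boot code bytes, disk signature, sector count and allowlist entries are constructed test data; which bytes MBRCheck itself hashes is an assumption.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # boot code area; the disk signature and partition table follow it
TABLE_OFFSET = 446         # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"    # last two bytes of every valid MBR
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, disk_sig: int, entries) -> bytes:
    """Assemble a 512-byte MBR from constructed parts (test data only, never a real disk)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit in the 440-byte area")
    mbr = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    mbr += struct.pack("<IH", disk_sig, 0)          # 4-byte disk signature, 2 reserved bytes
    table = list(entries) + [(0, 0, 0, 0)] * (4 - len(entries))
    for status, ptype, lba_start, sectors in table:
        # CHS fields are zeroed: modern tools rely on the LBA fields only
        mbr += struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    mbr += SIGNATURE
    if len(mbr) != SECTOR:
        raise AssertionError("layout error: MBR must be exactly one sector")
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Report signature validity, disk signature, boot-code SHA1 and the used partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0:                # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,                         # 0x07 = NTFS / exFAT / HPFS
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,     # what MBRCheck prints as 'at offset'
            "sectors": sectors,
        })
    return {
        "valid_signature": mbr[SECTOR - 2:] == SIGNATURE,
        "disk_signature": struct.unpack_from("<I", mbr, BOOT_CODE_LEN)[0],
        # Hash only the code area so repartitioning does not change the verdict
        # (assumption: exactly what MBRCheck hashes is not stated in the thread).
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify(mbr: bytes, known_good: dict) -> str:
    """MBRCheck-style verdict: the allowlist label for a known boot-code hash, else 'Unknown'."""
    info = parse_mbr(mbr)
    if not info["valid_signature"]:
        return "Invalid MBR signature"
    return known_good.get(info["boot_code_sha1"], "Unknown MBR code")


# Constructed stand-ins for boot code (NOT real Windows boot code): the check is on the
# hash, so any fixed bytes serve to demonstrate it.
STANDARD_BOOT_CODE = b"CONSTRUCTED-STANDARD-BOOT-CODE" * 10
TAMPERED_BOOT_CODE = b"CONSTRUCTED-MODIFIED-BOOT-CODE" * 10      # bootkit-style replacement

# One bootable NTFS partition starting at LBA 63: 63 * 512 = 0x7e00, the offset in the log.
# The sector count is constructed, not read from the drive in the thread.
NTFS_AT_LBA_63 = [(0x80, 0x07, 63, 156_301_425)]
CLEAN_MBR = build_mbr(STANDARD_BOOT_CODE, 0x1234ABCD, NTFS_AT_LBA_63)
INFECTED_MBR = build_mbr(TAMPERED_BOOT_CODE, 0x1234ABCD, NTFS_AT_LBA_63)

# Allowlist keyed by boot-code hash; a real tool ships vendor hashes, this one is built
# from the constructed 'standard' code so the labels match the thread's wording.
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["boot_code_sha1"]: "Windows XP MBR code detected"}


if __name__ == "__main__":
    for name, mbr in (("before restore", INFECTED_MBR), ("after restore", CLEAN_MBR)):
        info = parse_mbr(mbr)
        part = info["partitions"][0]
        print(f"{name}: {classify(mbr, KNOWN_GOOD)}  SHA1: {info['boot_code_sha1']}")
        print(f"  C: at offset 0x{part['byte_offset']:016x} type 0x{part['type']:02x}")
```

Note that the partition table is identical before and after, which is why a boot-code rewrite can be verified purely by the hash while the NTFS volume at `0x7e00` is untouched.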
     
  9. 2010/09/27
    broni Moderator Malware Analyst

    We'll see about it, when your computer is clean...

    MBRCheck log looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2010/09/27
    BigMarklin Inactive Thread Starter

    Hi Broni,

    At around "Stage_50" of ComboFix I got a BSOD. I'll give it another try.
     
  11. 2010/09/27
    broni Moderator Malware Analyst

    Please, do.
    If still a problem, you can run it from safe mode.
     
  12. 2010/09/27
    BigMarklin Inactive Thread Starter

    Hi Broni,

    ComboFix gives me a warning that the following real time scanner is active: Symantec Antivirus Corporate Edition.
    I have "disabled" everything I can find. I even stopped all services with Symantec in the name, but ComboFix still thinks some component is running. Any ideas?
    Thanks,
     
  13. 2010/09/27
    broni Moderator Malware Analyst

    If you did, disregard Combofix warning.
     
  14. 2010/09/27
    BigMarklin Inactive Thread Starter

    I had to run it from safe mode, but it did complete.
    Here is the log.

    ComboFix 10-09-27.04 - Jim 09/27/2010 23:46:03.2.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.505 [GMT -4:00]
    Running from: c:\documents and settings\jim\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-28 )))))))))))))))))))))))))))))))
    .

    2010-09-26 14:31 . 2010-09-26 14:31 -------- d-----w- c:\documents and settings\Mackie\Local Settings\Application Data\Mozilla
    2010-09-26 14:29 . 2010-09-26 14:29 -------- d-----w- c:\documents and settings\Mackie\Local Settings\Application Data\Symantec
    2010-09-26 13:34 . 2010-09-26 13:34 -------- d-----w- c:\program files\AML Products
    2010-09-25 21:23 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-09-25 01:31 . 2010-09-25 01:32 -------- d-----w- c:\documents and settings\jim\Application Data\QuickScan
    2010-09-20 23:21 . 2010-09-20 23:21 -------- d-----w- c:\documents and settings\jim\Application Data\Malwarebytes
    2010-09-20 23:21 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-20 23:21 . 2010-09-20 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-20 23:21 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-20 23:21 . 2010-09-20 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-20 21:32 . 2010-09-20 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-09-12 19:20 . 2010-09-12 19:21 -------- d-----w- c:\windows\system32\NtmsData
    2010-09-12 14:31 . 2004-03-05 03:46 83168 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-09-12 14:31 . 2004-03-05 03:46 82832 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-09-12 14:31 . 2010-09-28 03:21 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-09-12 14:31 . 2010-09-12 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-09-07 11:33 . 2010-08-30 18:33 43008 ----a-w- c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-09-07 11:33 . 2010-08-30 18:33 338944 ----a-w- c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-09-07 11:33 . 2010-08-30 18:33 346112 ----a-w- c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-09-07 11:33 . 2010-08-30 18:34 1496064 ----a-w- c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-09-07 03:45 . 2010-09-07 03:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-09-07 02:55 . 2010-09-07 02:55 -------- d-----w- c:\program files\Sophos
    2010-09-06 22:16 . 2010-09-06 22:16 -------- d-----w- c:\documents and settings\jim\IECompatCache
    2010-09-06 22:07 . 2010-09-06 22:07 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
    2010-09-06 21:31 . 2010-05-31 17:24 8224768 ----a-w- C:\ntuser.dat
    2010-09-06 17:44 . 2010-09-06 17:44 -------- d-----w- c:\documents and settings\Nancy\IETldCache
    2010-09-04 19:03 . 2010-09-04 19:03 -------- d-----w- c:\documents and settings\LocalService\IETldCache
    2010-09-04 18:45 . 2010-09-04 18:45 -------- d-----w- c:\documents and settings\jim\PrivacIE
    2010-09-04 18:35 . 2010-09-04 18:35 -------- d-----w- c:\documents and settings\jim\IETldCache
    2010-09-04 18:26 . 2010-09-04 18:28 -------- d-----w- c:\windows\ie8updates
    2010-09-04 18:20 . 2010-09-07 03:41 -------- dc----w- c:\windows\ie8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-28 01:48 . 2007-06-16 22:47 54576 ----a-w- c:\documents and settings\jim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-26 14:10 . 2008-03-08 00:28 -------- d-----w- c:\program files\Uniblue
    2010-09-25 01:51 . 2010-06-19 03:55 -------- d-----w- c:\program files\CCleaner
    2010-09-24 02:41 . 2005-03-03 15:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-09-18 19:52 . 2006-04-13 03:21 -------- d-----w- c:\program files\Extensis
    2010-09-13 01:23 . 2005-03-03 15:31 90112 ----a-w- c:\windows\DUMPc43a.tmp
    2010-09-13 01:22 . 2005-03-03 15:31 90112 ----a-w- c:\windows\DUMPb9da.tmp
    2010-09-12 19:13 . 2005-03-31 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-12 14:32 . 2005-03-30 22:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-09-12 14:31 . 2009-07-09 03:22 -------- d-----w- c:\program files\Symantec
    2010-09-07 03:42 . 2007-12-27 03:41 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-04 18:51 . 2010-07-21 00:50 -------- d-----w- c:\documents and settings\jim\Application Data\ElevatedDiagnostics
    2010-09-04 17:46 . 2005-03-03 15:31 94208 ----a-w- c:\windows\DUMPc4a7.tmp
    2010-08-27 04:00 . 2010-08-27 04:00 0 ----a-w- c:\windows\ativpsrm.bin
    2010-08-17 13:17 . 1980-01-01 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49 . 1980-01-01 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2009-04-20 02:21 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-06-30 12:31 . 1980-01-01 08:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2001-12-14 05:56 . 2001-12-14 05:56 98304 ----a-w- c:\program files\internet explorer\plugins\LVActiveXControl.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
    "TpShocks"="TpShocks.exe" [2004-10-27 106496]
    "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-11-17 94208]
    "TP4EX"="tp4ex.exe" [2004-11-12 40960]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-12 344064]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
    "QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-11-09 81920]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2004-12-21 135168]
    "MXO Auto Loader"="c:\windows\MXOALDR.EXE" [2003-04-08 118784]
    "QCTray"="c:\progra~1\ThinkPad\CONNEC~1\QCTray.exe" [2004-11-09 712704]
    "IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-12-16 90112]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-07-20 124112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical"= 00000000
    "NoSMMyPictures"= 01000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2004-11-04 17:51 108636 ----a-w- c:\program files\IBM fingerprint software\psfus.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
    2004-11-09 11:53 262144 ----a-w- c:\windows\system32\QConGina.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2004-08-13 04:11 24576 ----a-w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
    "c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [12/16/2004 4:03 AM 6912]
    R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [3/3/2005 11:41 AM 14208]
    R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [3/3/2005 11:41 AM 6016]
    S1 HWiNFO32;HWiNFO32 Kernel Driver; [x]
    S2 mrtRate;mrtRate; [x]
    S2 NatMotion;NatMotion; [x]
    S3 gpibclsb;GPIB Board Class Driver;c:\windows\system32\Drivers\gpibclsb.sys --> c:\windows\system32\Drivers\gpibclsb.sys [?]
    S3 gpibclsd;GPIB Device Class Driver;c:\windows\system32\Drivers\gpibclsd.sys --> c:\windows\system32\Drivers\gpibclsd.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2; [x]
    S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [3/3/2005 12:00 PM 12288]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 3:18 PM 169192]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MRTRATE
    *NewlyCreated* - NATMOTION
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-09-28 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-03-03 09:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - hxxps://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
    DPF: {204D07F5-A3D9-4872-9A11-C750A5B52163} - hxxps://app.primecontract.com/primecontractsupport/brava/PreloadX.cab
    FF - ProfilePath - c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
    FF - component: c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: c:\documents and settings\jim\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-27 23:53
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(336)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\IBM fingerprint software\psfus.dll
    c:\program files\Common Files\Virtual Token\psutil.dll
    c:\windows\system32\tphklock.dll

    - - - - - - - > 'lsass.exe'(392)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(1996)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-09-27 23:57:47
    ComboFix-quarantined-files.txt 2010-09-28 03:57

    Pre-Run: 50,045,693,952 bytes free
    Post-Run: 50,010,390,528 bytes free

    - - End Of File - - 9E958E7B15FEBF445BF0D87317CF885F

    Thanks,

    Since I'm on the East Coast, I think I'll call it quits for tonight and pick back up tomorrow. Thanks again for your help.
    Jim
     
  15. 2010/09/27
    broni Moderator Malware Analyst
    Your homework for tomorrow :)

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\DUMPc43a.tmp
    c:\windows\DUMPb9da.tmp
    c:\windows\DUMPc4a7.tmp
    c:\windows\ativpsrm.bin
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  16. 2010/09/28
    BigMarklin Inactive Thread Starter
    Hi Broni,

    Here is the latest log.

    ComboFix 10-09-27.04 - Jim 09/28/2010 20:05:38.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.339 [GMT -4:00]
    Running from: c:\documents and settings\jim\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\jim\Desktop\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

    FILE ::
    "c:\windows\ativpsrm.bin "
    "c:\windows\DUMPb9da.tmp "
    "c:\windows\DUMPc43a.tmp "
    "c:\windows\DUMPc4a7.tmp "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\ativpsrm.bin
    c:\windows\DUMPb9da.tmp
    c:\windows\DUMPc43a.tmp
    c:\windows\DUMPc4a7.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
    .

    2010-09-26 14:31 . 2010-09-26 14:31 -------- d-----w- c:\documents and settings\Mackie\Local Settings\Application Data\Mozilla
    2010-09-26 14:29 . 2010-09-26 14:29 -------- d-----w- c:\documents and settings\Mackie\Local Settings\Application Data\Symantec
    2010-09-26 13:34 . 2010-09-26 13:34 -------- d-----w- c:\program files\AML Products
    2010-09-25 21:23 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-09-25 01:31 . 2010-09-25 01:32 -------- d-----w- c:\documents and settings\jim\Application Data\QuickScan
    2010-09-20 23:21 . 2010-09-20 23:21 -------- d-----w- c:\documents and settings\jim\Application Data\Malwarebytes
    2010-09-20 23:21 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-20 23:21 . 2010-09-20 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-20 23:21 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-20 23:21 . 2010-09-20 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-20 21:32 . 2010-09-20 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-09-12 19:20 . 2010-09-12 19:21 -------- d-----w- c:\windows\system32\NtmsData
    2010-09-12 14:31 . 2004-03-05 03:46 83168 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-09-12 14:31 . 2004-03-05 03:46 82832 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-09-12 14:31 . 2010-09-28 23:42 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-09-12 14:31 . 2010-09-12 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-09-07 11:33 . 2010-08-30 18:33 43008 ----a-w- c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-09-07 11:33 . 2010-08-30 18:33 338944 ----a-w- c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-09-07 11:33 . 2010-08-30 18:33 346112 ----a-w- c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-09-07 11:33 . 2010-08-30 18:34 1496064 ----a-w- c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-09-07 03:45 . 2010-09-07 03:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-09-07 02:55 . 2010-09-07 02:55 -------- d-----w- c:\program files\Sophos
    2010-09-06 22:16 . 2010-09-06 22:16 -------- d-----w- c:\documents and settings\jim\IECompatCache
    2010-09-06 22:07 . 2010-09-06 22:07 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
    2010-09-06 21:31 . 2010-05-31 17:24 8224768 ----a-w- C:\ntuser.dat
    2010-09-06 17:44 . 2010-09-06 17:44 -------- d-----w- c:\documents and settings\Nancy\IETldCache
    2010-09-04 19:03 . 2010-09-04 19:03 -------- d-----w- c:\documents and settings\LocalService\IETldCache
    2010-09-04 18:45 . 2010-09-04 18:45 -------- d-----w- c:\documents and settings\jim\PrivacIE
    2010-09-04 18:35 . 2010-09-04 18:35 -------- d-----w- c:\documents and settings\jim\IETldCache
    2010-09-04 18:26 . 2010-09-04 18:28 -------- d-----w- c:\windows\ie8updates
    2010-09-04 18:20 . 2010-09-07 03:41 -------- dc----w- c:\windows\ie8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-28 01:48 . 2007-06-16 22:47 54576 ----a-w- c:\documents and settings\jim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-26 14:10 . 2008-03-08 00:28 -------- d-----w- c:\program files\Uniblue
    2010-09-25 01:51 . 2010-06-19 03:55 -------- d-----w- c:\program files\CCleaner
    2010-09-24 02:41 . 2005-03-03 15:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-09-18 19:52 . 2006-04-13 03:21 -------- d-----w- c:\program files\Extensis
    2010-09-12 19:13 . 2005-03-31 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-12 14:32 . 2005-03-30 22:37 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-09-12 14:31 . 2009-07-09 03:22 -------- d-----w- c:\program files\Symantec
    2010-09-07 03:42 . 2007-12-27 03:41 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-04 18:51 . 2010-07-21 00:50 -------- d-----w- c:\documents and settings\jim\Application Data\ElevatedDiagnostics
    2010-08-17 13:17 . 1980-01-01 08:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49 . 1980-01-01 08:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2009-04-20 02:21 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2001-12-14 05:56 . 2001-12-14 05:56 98304 ----a-w- c:\program files\internet explorer\plugins\LVActiveXControl.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr "= "c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000]
    "TPKMAPHELPER "= "c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
    "TpShocks "= "TpShocks.exe" [2004-10-27 106496]
    "TPHOTKEY "= "c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-11-17 94208]
    "TP4EX "= "tp4ex.exe" [2004-11-12 40960]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-12 344064]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
    "QCWLICON "= "c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-11-09 81920]
    "PWRMGRTR "= "c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2004-12-21 135168]
    "MXO Auto Loader "= "c:\windows\MXOALDR.EXE" [2003-04-08 118784]
    "QCTray "= "c:\progra~1\ThinkPad\CONNEC~1\QCTray.exe" [2004-11-09 712704]
    "IBMPRC "= "c:\ibmtools\UTILS\ibmprc.exe" [2004-12-16 90112]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
    "vptray "= "c:\progra~1\SYMANT~1\VPTray.exe" [2004-07-20 124112]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoStrCmpLogical "= 00000000
    "NoSMMyPictures "= 01000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2004-11-04 17:51 108636 ----a-w- c:\program files\IBM fingerprint software\psfus.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
    2004-11-09 11:53 262144 ----a-w- c:\windows\system32\QConGina.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2004-08-13 04:11 24576 ----a-w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe "=
    "c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe "=
    "c:\\Program Files\\IBM\\Updater\\ucsmb.exe "=
    "c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [12/16/2004 4:03 AM 6912]
    R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [3/3/2005 11:41 AM 14208]
    R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [3/3/2005 11:41 AM 6016]
    S1 HWiNFO32;HWiNFO32 Kernel Driver; [x]
    S2 mrtRate;mrtRate; [x]
    S2 NatMotion;NatMotion; [x]
    S3 gpibclsb;GPIB Board Class Driver;c:\windows\system32\Drivers\gpibclsb.sys --> c:\windows\system32\Drivers\gpibclsb.sys [?]
    S3 gpibclsd;GPIB Device Class Driver;c:\windows\system32\Drivers\gpibclsd.sys --> c:\windows\system32\Drivers\gpibclsd.sys [?]
    S3 MEMSWEEP2;MEMSWEEP2; [x]
    S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [3/3/2005 12:00 PM 12288]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 3:18 PM 169192]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-09-28 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2005-03-03 09:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - hxxps://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
    DPF: {204D07F5-A3D9-4872-9A11-C750A5B52163} - hxxps://app.primecontract.com/primecontractsupport/brava/PreloadX.cab
    FF - ProfilePath - c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
    FF - component: c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: c:\documents and settings\jim\Application Data\Move Networks\plugins\npqmp071503000010.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-28 20:22
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(936)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\IBM fingerprint software\psfus.dll
    c:\program files\Common Files\Virtual Token\psutil.dll
    c:\windows\system32\tphklock.dll
    c:\windows\system32\QConGina.dll

    - - - - - - - > 'lsass.exe'(992)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-09-28 20:34:12
    ComboFix-quarantined-files.txt 2010-09-29 00:33
    ComboFix2.txt 2010-09-28 03:57

    Pre-Run: 50,019,237,888 bytes free
    Post-Run: 50,001,797,120 bytes free

    - - End Of File - - 65EDFF91B7E0940F1C07D087CD98973A

    Thanks!
     
  17. 2010/09/28
    broni Moderator Malware Analyst
    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. 2010/09/28
    BigMarklin Inactive Thread Starter
    Hi Broni,

    Here is about half of OTL.txt. The BBS says the message is too long, so I had to break it up.

    OTL logfile created on: 9/28/2010 9:07:12 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\jim\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    766.00 Mb Total Physical Memory | 283.00 Mb Available Physical Memory | 37.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.60 Gb Total Space | 46.60 Gb Free Space | 66.00% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IBMLAPTOP
    Current User Name: Jim
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/09/28 21:04:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
    PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/11 01:30:40 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2005/07/26 17:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
    PRC - [2004/12/16 05:49:44 | 000,385,024 | ---- | M] () -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    PRC - [2004/12/16 04:41:56 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
    PRC - [2004/11/17 04:48:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    PRC - [2004/11/09 07:53:00 | 000,712,704 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    PRC - [2004/11/09 07:53:00 | 000,081,920 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    PRC - [2004/11/09 07:53:00 | 000,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
    PRC - [2004/11/04 13:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
    PRC - [2004/10/27 19:58:54 | 000,106,496 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\TpShocks.exe
    PRC - [2004/10/01 19:06:34 | 000,163,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    PRC - [2004/09/06 20:03:52 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    PRC - [2004/07/20 01:20:26 | 000,124,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2004/07/20 01:19:34 | 001,258,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2004/07/20 01:18:52 | 000,029,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2004/07/17 00:24:24 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
    PRC - [2004/05/24 14:25:04 | 000,077,824 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\TPHDEXLG.exe
    PRC - [2004/02/29 16:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2004/02/29 16:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2004/02/29 16:44:46 | 000,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2003/07/11 22:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
    PRC - [2003/04/07 22:09:48 | 000,118,784 | ---- | M] (Cypress Semiconductor) -- C:\WINDOWS\MXOALDR.EXE
    PRC - [2003/01/03 14:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
    PRC - [2002/01/10 19:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/28 21:04:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
    MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/08/11 01:30:34 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2005/10/12 17:21:50 | 000,172,032 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2005/07/26 17:51:22 | 000,606,316 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2005/03/03 11:58:40 | 000,032,256 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\psasrv.exe -- (PsaSrv)
    SRV - [2004/12/16 05:49:44 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
    SRV - [2004/11/09 07:53:00 | 000,073,728 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
    SRV - [2004/11/04 13:47:04 | 000,040,547 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver)
    SRV - [2004/10/01 19:06:34 | 000,163,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2004/07/20 01:19:34 | 001,258,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2004/07/20 01:18:52 | 000,029,912 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2004/07/17 00:24:24 | 000,036,864 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2004/06/11 21:28:30 | 000,201,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2004/05/24 14:25:04 | 000,077,824 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
    SRV - [2004/03/12 15:18:06 | 000,169,192 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2004/02/29 16:44:54 | 000,242,808 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2004/02/29 16:44:52 | 000,087,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2004/02/29 16:44:48 | 000,255,096 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2003/07/11 22:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
    SRV - [2003/01/03 14:20:48 | 000,057,344 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)
    SRV - [2003/01/03 14:20:48 | 000,029,184 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gpibclsd.sys -- (gpibclsd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gpibclsb.sys -- (gpibclsb)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\jim\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/09/24 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100924.004\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/09/24 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100924.004\NAVENG.SYS -- (NAVENG)
    DRV - [2008/11/08 22:27:49 | 000,249,152 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2008/11/08 22:27:49 | 000,030,688 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2008/11/08 22:27:44 | 000,096,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2008/04/14 00:24:38 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/08/11 01:25:28 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/06/01 02:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2007/04/05 15:27:56 | 001,989,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/03/03 11:58:40 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2005/03/03 11:40:20 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
    DRV - [2004/12/21 05:40:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2004/12/21 05:40:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2004/12/21 05:00:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2004/12/16 05:12:20 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
    DRV - [2004/12/16 04:04:44 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
    DRV - [2004/12/16 04:03:34 | 000,006,912 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)
    DRV - [2004/12/06 21:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/12/02 20:14:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
    DRV - [2004/12/02 19:54:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
    DRV - [2004/12/01 06:33:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2004/11/10 20:47:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2004/11/10 20:46:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/11/10 20:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/11/09 07:53:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
    DRV - [2004/11/09 07:53:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2004/11/09 07:53:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
    DRV - [2004/11/04 13:52:10 | 000,024,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2004/10/01 18:51:46 | 000,017,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2004/10/01 18:48:30 | 001,241,482 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2004/10/01 18:47:06 | 000,147,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2004/10/01 18:44:22 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2004/10/01 18:43:44 | 000,054,488 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2004/09/06 20:03:46 | 000,016,370 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2004/09/02 05:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/09/02 05:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/09/02 05:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/09/02 05:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/09/02 05:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/09/02 05:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/09/02 05:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/09/02 05:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/09/02 05:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/08/17 07:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/08/04 02:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/07/26 11:00:00 | 000,007,140 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\cvintdrv.sys -- (cvintdrv)
    DRV - [2004/07/22 22:41:42 | 000,393,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2004/07/14 15:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 15:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2004/07/14 06:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/06/11 21:28:10 | 000,263,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2004/06/11 21:28:08 | 000,016,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2004/05/19 17:41:26 | 000,013,757 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
    DRV - [2004/05/14 18:08:40 | 000,059,776 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
    DRV - [2004/05/14 16:59:00 | 000,004,608 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
    DRV - [2004/04/13 14:54:58 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2004/03/04 23:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2004/02/09 15:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2004/02/09 15:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2003/09/19 19:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
    DRV - [2003/04/14 20:00:40 | 000,032,512 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
    DRV - [2001/11/13 12:47:26 | 000,041,324 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\winio.sys -- (WINIO)
    DRV - [2001/08/17 18:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 18:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 18:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 18:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 18:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 17:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 17:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 17:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 17:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 17:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 17:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 17:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 17:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 17:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 17:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2000/06/01 00:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
    DRV - [1999/09/10 08:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
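A practitioner reading a service and driver listing like the one above usually wants the same three things pulled out first: entries whose registered binary no longer exists (orphaned keys such as the `HidServ` and `catchme` lines, the latter being the Temp-directory driver that a GMER-based scan such as ComboFix leaves behind, as I read it), entries whose binary carries no CompanyName (the empty `()` column, which is common for OEM drivers but is what you hash-check first), and anything loading from a user-writable path. The script below is an added example written for this page; it is not OTL's code and not something the poster ran. The regular expression follows the two line shapes visible in the listing (a `File not found` form and a `[date | size | attrs | M] (vendor) [state]` form); the user-writable-path heuristic assumes the XP-era profile layout seen in the log; the sample lines are constructed in that format from entries in the listing and are not a full log.

```python
import re

# OTL "Win32 Services" / "Driver Services" entries come in two shapes (as seen in the listing):
#   SRV - File not found [Disabled | Stopped] -- <path> -- (<name>)
#   DRV - [<date time> | <size> | <attrs> | M] (<vendor>) [<state>] -- <path> -- (<name>) [description]
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:File not found|\[(?P<meta>[^\]]*)\] \((?P<vendor>[^)]*)\)) "
    r"\[(?P<state>[^\]]*)\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)(?P<desc>.*)$"
)

# Locations a non-admin user can write to. Assumption: XP-style profile layout
# (C:\Documents and Settings\<user>\..., 8.3 alias DOCUME~1, per-user Temp).
USER_WRITABLE_RE = re.compile(r"\\(?:Temp|DOCUME~1|Documents and Settings)\\", re.IGNORECASE)

# Constructed sample: a few entries in the same format as the listing above, plus one
# non-SRV/DRV line to show it is ignored. Not a complete log.
SAMPLE_LINES = [
    r"SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)",
    r"SRV - [2005/03/03 11:58:40 | 000,032,256 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\psasrv.exe -- (PsaSrv)",
    r"SRV - [2004/07/20 01:19:34 | 001,258,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\jim\LOCALS~1\Temp\catchme.sys -- (catchme)",
    r"DRV - [2005/03/03 11:40:20 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)",
    r"DRV - [2001/11/13 12:47:26 | 000,041,324 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\winio.sys -- (WINIO)",
    r"O1 - Hosts: 127.0.0.1 localhost",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


def parse_entry(line):
    """Parse one SRV/DRV line into a dict; return None for any other kind of line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    missing = m["meta"] is None          # the "File not found" form has no metadata block
    size = None
    if not missing:
        fields = [f.strip() for f in m["meta"].split("|")]   # date/time, size, attrs, M/C flag
        size = int(fields[1].replace(",", ""))
    return {
        "kind": m["kind"],
        "name": m["name"],
        "path": m["path"],
        "state": m["state"],
        "missing": missing,
        # "" means the binary has no CompanyName in its version resource; None when there is no binary
        "vendor": None if missing else m["vendor"],
        "size": size,
    }


def triage(log_text):
    """Return (name, path, reasons) for every SRV/DRV entry that deserves a closer look.

    These are leads for a hash check or removal, not verdicts: orphaned entries are usually
    uninstall/cleanup leftovers and many OEM drivers legitimately lack a CompanyName.
    """
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        if entry["missing"]:
            reasons.append("registered but binary missing (orphaned entry; delete the key or confirm it is Disabled)")
        elif entry["vendor"] == "":
            reasons.append("no CompanyName in version info; verify the file hash against the OEM package")
        if USER_WRITABLE_RE.search(entry["path"]):
            reasons.append("binary path is in a user-writable location")
        if reasons:
            findings.append((entry["name"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {path}")
        for r in reasons:
            print(f"    - {r}")
```

On the sample, the four entries flagged are `HidServ` (missing binary), `PsaSrv` and `WINIO` (no CompanyName) and `catchme` (missing binary in a per-user Temp directory); the Symantec and Meetinghouse entries pass, and the trailing description on the `MDC8021X` line does not break parsing. Running the same function over the full listing above is a quicker first pass than reading 80 driver lines by eye, and the `size` and `vendor` fields are what you would feed into a hash lookup next.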
     
  19. 2010/09/28
    BigMarklin

    BigMarklin Inactive Thread Starter

    Joined:
    2010/09/26
    Messages:
    27
    Likes Received:
    0
    Here is the other half.



    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/ "
    FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
    FF - prefs.js..extensions.enabledItems: ramback@pavlov.net:1.0
    FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
    FF - prefs.js..extensions.enabledItems: {e8f509f0-b677-11de-8a39-0800200c9a66}:1.8
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/26 10:31:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 20:38:59 | 000,000,000 | ---D | M]

    [2008/07/04 12:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Mozilla\Extensions
    [2010/09/28 20:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions
    [2010/04/27 21:57:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/07 07:33:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/06/01 22:34:12 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2010/01/29 00:06:38 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
    [2010/03/21 12:00:57 | 000,000,000 | ---D | M] (Web2PDF converter) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}
    [2010/09/23 22:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2008/07/04 12:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\ramback@pavlov.net
    [2010/09/28 19:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll

    O1 HOSTS File: ([2010/09/28 20:21:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
    O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
    O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.)
    O4 - HKLM..\Run: [QCTray] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
    O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
    O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab (PeoplePC Web Installer)
    O16 - DPF: {204D07F5-A3D9-4872-9A11-C750A5B52163} https://app.primecontract.com/primecontractsupport/brava/PreloadX.cab (PreloadX Class)
    O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262362662208 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1262363863328 (MUWebControl Class)
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
    O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\IBM fingerprint software\psfus.dll - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
    O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
    O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop WallPaper: C:\WINDOWS\Resources\Themes\Think Theme\IBM Think.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Resources\Themes\Think Theme\IBM Think.bmp
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/03/29 19:49:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/28 21:04:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
    [2010/09/27 22:45:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/09/27 22:41:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/27 22:41:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/27 22:41:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/27 22:41:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/27 22:27:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/27 21:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Desktop\NTBR_CD
    [2010/09/26 12:05:39 | 000,288,654 | ---- | C] ( ) -- C:\Documents and Settings\jim\Desktop\SafeBootKeyRepair.exe
    [2010/09/26 09:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\AML Products
    [2010/09/24 21:51:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jim\Recent
    [2010/09/24 21:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\QuickScan
    [2010/09/20 19:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\Malwarebytes
    [2010/09/20 19:21:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/20 19:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/09/20 19:21:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/20 19:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/20 17:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/09/18 15:38:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jim\My Documents
    [2010/09/12 15:20:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/09/12 10:31:45 | 000,083,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/09/12 10:31:45 | 000,082,832 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/09/12 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
    [2010/09/12 10:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2010/09/06 23:41:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/09/06 22:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010/09/06 18:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\IECompatCache
    [2010/09/04 14:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\PrivacIE
    [2010/09/04 14:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\IETldCache
    [2010/09/04 14:26:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/09/04 14:20:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
    [2010/08/22 19:58:24 | 000,000,000 | ---D | C] -- C:\My Documents\Stuff_From_Jump_Drive
    [2010/07/20 20:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\ElevatedDiagnostics
    [2010/07/20 20:48:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
    [2010/07/10 21:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\Thunderbird
    [2008/04/20 22:48:22 | 000,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\jim\Application Data\ezplay.sys
    [2008/04/20 22:48:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\jim\Application Data\pcouffin.sys
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/28 21:04:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
    [2010/09/28 20:45:53 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2010/09/28 20:45:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/28 20:42:37 | 004,285,762 | -H-- | M] () -- C:\Documents and Settings\jim\Local Settings\Application Data\IconCache.db
    [2010/09/28 20:41:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jim\ntuser.ini
    [2010/09/28 20:41:42 | 008,224,768 | ---- | M] () -- C:\Documents and Settings\jim\ntuser.dat
    [2010/09/28 20:40:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/28 20:40:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/28 20:22:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/28 20:21:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/27 22:45:40 | 000,000,338 | RHS- | M] () -- C:\BOOT.INI
    [2010/09/27 22:14:56 | 003,855,255 | R--- | M] () -- C:\Documents and Settings\jim\Desktop\ComboFix.exe
    [2010/09/27 21:48:40 | 000,054,576 | ---- | M] () -- C:\Documents and Settings\jim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/09/27 21:24:45 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\NTBR_CD.exe
    [2010/09/27 01:12:24 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\MBRCheck.exe
    [2010/09/26 23:59:01 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\9ud8jgry.exe
    [2010/09/26 12:07:23 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\dds.scr
    [2010/09/26 12:05:40 | 000,288,654 | ---- | M] ( ) -- C:\Documents and Settings\jim\Desktop\SafeBootKeyRepair.exe
    [2010/09/26 10:08:41 | 000,000,332 | ---- | M] () -- C:\My Documents\cc_20100926_100838.reg
    [2010/09/26 10:08:01 | 000,007,940 | ---- | M] () -- C:\My Documents\cc_20100926_100756.reg
    [2010/09/26 09:44:00 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/09/26 09:36:56 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\AML Free Registry Cleaner.lnk
    [2010/09/25 18:52:16 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/09/25 18:49:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/25 18:17:12 | 000,556,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/09/25 18:17:12 | 000,479,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/25 18:17:12 | 000,087,650 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/19 17:06:26 | 000,000,228 | ---- | M] () -- C:\Boot.bak
    [2010/09/18 16:00:10 | 000,003,266 | ---- | M] () -- C:\My Documents\cc_20100918_155957.reg
    [2010/09/18 15:39:47 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/09/12 10:07:58 | 000,004,500 | ---- | M] () -- C:\My Documents\cc_20100912_100745.reg
    [2010/09/12 09:53:28 | 008,224,768 | ---- | M] () -- C:\Documents and Settings\jim\ntuser.bak
    [2010/09/12 08:49:55 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\jim\Local Settings\Application Data\housecall.guid.cache
    [2010/09/04 10:33:07 | 000,000,332 | ---- | M] () -- C:\My Documents\cc_20100904_103304.reg
    [2010/09/04 10:32:31 | 000,023,100 | ---- | M] () -- C:\My Documents\cc_20100904_103226.reg
    [2010/08/30 23:54:15 | 000,000,528 | ---- | M] () -- C:\My Documents\cc_20100830_235411.reg
    [2010/08/30 22:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/29 23:38:07 | 000,018,363 | ---- | M] () -- C:\My Documents\Sayings.pdf
    [2010/08/29 23:37:38 | 000,023,552 | ---- | M] () -- C:\My Documents\Sayings.doc
    [2010/08/06 20:21:17 | 002,183,952 | ---- | M] () -- C:\My Documents\Mailtraq 1.pdf
    [2010/08/05 18:18:25 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/08/02 20:50:42 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
    [2010/08/02 20:42:48 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
    [2010/07/27 23:31:32 | 000,005,784 | ---- | M] () -- C:\My Documents\cc_20100727_233125.reg
    [2010/07/13 21:24:06 | 000,000,640 | ---- | M] () -- C:\My Documents\cc_20100713_212400.reg
    [2010/07/13 00:21:02 | 000,271,401 | ---- | M] () -- C:\My Documents\Network__3-SMTP_Server_Status_Codes_and_SMTP_Error_Codes.pdf
    [2010/07/07 22:36:19 | 000,018,944 | ---- | M] () -- C:\My Documents\Todd Build.xls
    [2010/07/03 20:55:08 | 000,192,512 | ---- | M] () -- C:\My Documents\Put data to use.mdb
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/27 22:45:40 | 000,000,228 | ---- | C] () -- C:\Boot.bak
    [2010/09/27 22:45:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/09/27 22:41:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/27 22:41:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/09/27 22:41:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/09/27 22:41:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/09/27 22:41:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/27 22:14:48 | 003,855,255 | R--- | C] () -- C:\Documents and Settings\jim\Desktop\ComboFix.exe
    [2010/09/27 21:24:14 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\NTBR_CD.exe
    [2010/09/27 01:12:23 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\MBRCheck.exe
    [2010/09/26 23:59:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\9ud8jgry.exe
    [2010/09/26 12:07:23 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\dds.scr
    [2010/09/26 10:08:40 | 000,000,332 | ---- | C] () -- C:\My Documents\cc_20100926_100838.reg
    [2010/09/26 10:07:59 | 000,007,940 | ---- | C] () -- C:\My Documents\cc_20100926_100756.reg
    [2010/09/26 09:35:02 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\AML Free Registry Cleaner.lnk
    [2010/09/25 18:03:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/09/18 16:00:00 | 000,003,266 | ---- | C] () -- C:\My Documents\cc_20100918_155957.reg
    [2010/09/12 10:07:52 | 000,004,500 | ---- | C] () -- C:\My Documents\cc_20100912_100745.reg
    [2010/09/12 08:49:55 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\housecall.guid.cache
    [2010/09/06 17:31:35 | 008,224,768 | ---- | C] () -- C:\ntuser.dat
    [2010/09/04 10:33:06 | 000,000,332 | ---- | C] () -- C:\My Documents\cc_20100904_103304.reg
    [2010/09/04 10:32:28 | 000,023,100 | ---- | C] () -- C:\My Documents\cc_20100904_103226.reg
    [2010/08/30 23:54:13 | 000,000,528 | ---- | C] () -- C:\My Documents\cc_20100830_235411.reg
    [2010/08/29 23:18:55 | 000,018,363 | ---- | C] () -- C:\My Documents\Sayings.pdf
    [2010/08/29 23:01:40 | 000,023,552 | ---- | C] () -- C:\My Documents\Sayings.doc
    [2010/08/26 23:56:24 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2010/08/26 23:56:24 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2010/08/26 23:56:24 | 000,152,496 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2010/08/26 23:56:23 | 000,015,577 | ---- | C] () -- C:\WINDOWS\atiogl.xml
    [2010/08/12 23:17:43 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\jim\SVKSettings.txt
    [2010/08/12 22:02:10 | 008,224,768 | ---- | C] () -- C:\Documents and Settings\jim\ntuser.dat
    [2010/08/06 20:21:17 | 002,183,952 | ---- | C] () -- C:\My Documents\Mailtraq 1.pdf
    [2010/07/27 23:31:29 | 000,005,784 | ---- | C] () -- C:\My Documents\cc_20100727_233125.reg
    [2010/07/13 21:24:03 | 000,000,640 | ---- | C] () -- C:\My Documents\cc_20100713_212400.reg
    [2010/07/13 00:21:02 | 000,271,401 | ---- | C] () -- C:\My Documents\Network__3-SMTP_Server_Status_Codes_and_SMTP_Error_Codes.pdf
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/04/20 22:48:25 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\ezplay.log
    [2008/04/20 22:48:22 | 000,007,861 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\ezplay.cat
    [2008/04/20 22:48:21 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\ezplay.inf
    [2008/04/20 22:48:21 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\ezplay.ini
    [2008/04/20 22:48:20 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\pcouffin.log
    [2008/04/20 22:48:13 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\pcouffin.cat
    [2008/04/20 22:48:13 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\pcouffin.inf
    [2007/11/23 00:29:27 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/11/22 15:18:48 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\AdobeDLM.log
    [2007/11/22 15:18:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\dm.ini
    [2007/06/17 21:33:51 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
    [2007/06/14 23:04:26 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\fusioncache.dat
    [2006/10/30 16:49:03 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
    [2006/10/15 00:20:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2006/04/22 00:10:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/11/29 15:08:32 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
    [2005/06/03 10:23:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\clallserial.dll
    [2005/04/02 21:14:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imaqconf.ini
    [2005/04/02 19:41:44 | 000,000,482 | ---- | C] () -- C:\WINDOWS\Backer32.ini
    [2005/04/02 05:06:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
    [2005/04/02 02:54:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2005/04/02 02:43:48 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2005/04/02 01:53:19 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2005/04/01 20:08:15 | 000,041,324 | ---- | C] () -- C:\WINDOWS\System32\winio.sys
    [2005/04/01 20:07:57 | 000,000,159 | ---- | C] () -- C:\WINDOWS\matlab.ini
    [2005/03/30 19:23:38 | 000,000,534 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/03/30 18:43:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2005/03/03 12:30:56 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/03/03 12:05:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/03/03 12:04:53 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2005/03/03 12:01:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2005/03/03 12:01:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2005/03/03 12:01:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2005/03/03 12:00:33 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
    [2005/03/03 11:53:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/03/03 11:53:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/03/03 11:53:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/03/03 11:53:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/03/03 11:53:52 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/03/03 11:53:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/03/03 11:53:20 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/03/03 11:44:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2005/03/03 11:44:21 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
    [2005/03/03 11:43:41 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2005/03/03 11:40:41 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2005/03/03 11:40:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2004/12/16 04:41:58 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
    [2004/11/08 21:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/10/01 19:01:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2004/08/09 15:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/07/26 11:00:00 | 000,007,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
    [2004/01/09 10:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
    [2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/16 03:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2001/11/23 22:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [1980/01/01 04:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [1980/01/01 04:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

    ========== LOP Check ==========

    [2008/11/08 22:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2006/06/06 22:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
    [2008/03/07 23:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
    [2010/04/12 22:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2005/04/02 21:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
    [2009/06/13 18:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
    [2008/08/16 20:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/04/11 20:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ViceVersa PRO 2
    [2009/11/15 01:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/09/04 14:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\ElevatedDiagnostics
    [2007/06/14 23:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\IBM
    [2008/03/28 16:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\InterVideo
    [2007/06/17 11:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Leadertech
    [2010/04/12 22:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\muvee Technologies
    [2007/06/17 10:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Nikon
    [2009/07/26 21:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\OfficeUpdate12
    [2010/09/24 21:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\QuickScan
    [2007/11/02 19:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\ThumbsPlus
    [2010/07/10 21:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Thunderbird
    [2008/04/22 21:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Vso
    [2010/09/28 20:45:53 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/03/29 19:49:44 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2010/09/19 17:06:26 | 000,000,228 | ---- | M] () -- C:\Boot.bak
    [2010/09/27 22:45:40 | 000,000,338 | RHS- | M] () -- C:\BOOT.INI
    [2005/03/03 12:02:42 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
    [2005/03/03 12:06:24 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2004/08/09 14:35:38 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2005/03/03 11:58:48 | 000,000,308 | ---- | M] () -- C:\ccrrec.ver
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/09/28 20:34:15 | 000,014,022 | ---- | M] () -- C:\ComboFix.txt
    [2005/03/29 19:49:44 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2005/03/03 11:52:46 | 000,000,755 | ---- | M] () -- C:\drivez.log
    [2009/08/23 12:49:55 | 000,001,760 | ---- | M] () -- C:\engine.log
    [2007/07/04 21:29:23 | 000,150,672 | ---- | M] () -- C:\IbmEgath.XML
    [2005/03/29 19:49:45 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2006/10/19 23:58:30 | 002,040,116 | ---- | M] () -- C:\log.txt
    [2005/03/03 11:51:06 | 000,000,164 | ---- | M] () -- C:\LOGFILE.txt
    [2005/04/02 19:40:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 09:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/06/19 21:52:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/05/31 13:24:36 | 008,224,768 | ---- | M] () -- C:\ntuser.dat
    [2010/09/06 17:36:21 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
    [2010/09/28 20:40:06 | 1205,477,376 | -HS- | M] () -- C:\pagefile.sys
    [2010/09/19 14:42:47 | 000,089,275 | ---- | M] () -- C:\PE-Files.txt
    [2005/03/03 12:30:56 | 000,001,287 | ---- | M] () -- C:\SYSLEVEL.IBM
    [2005/03/03 12:29:48 | 000,000,044 | ---- | M] () -- C:\TCPACHIP.LOG
    [2010/09/19 14:42:35 | 000,089,275 | ---- | M] () -- C:\Win-Files.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/09 14:54:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2004/11/04 20:40:14 | 000,329,160 | ---- | M] () -- C:\WINDOWS\1024 x 768 IBM Americas Map.jpg
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/09 14:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/09 14:45:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/09 14:45:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/06/19 22:04:07 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/18 15:39:47 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/09 15:03:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/26 23:59:01 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\9ud8jgry.exe
    [2010/09/27 22:14:56 | 003,855,255 | R--- | M] () -- C:\Documents and Settings\jim\Desktop\ComboFix.exe
    [2010/09/27 01:12:24 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\MBRCheck.exe
    [2010/09/27 21:24:45 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\NTBR_CD.exe
    [2010/09/28 21:04:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
    [2010/09/26 12:05:40 | 000,288,654 | ---- | M] ( ) -- C:\Documents and Settings\jim\Desktop\SafeBootKeyRepair.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/18 15:39:44 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\jim\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/02/03 23:29:20 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\jim\Cookies\desktop.ini
    [2010/09/28 21:06:23 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\jim\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/11 05:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 05:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 05:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 05:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 05:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 05:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 05:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 05:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1999/09/10 08:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
     
  20. 2010/09/28
    BigMarklin (Inactive, Thread Starter; joined 2010/09/26, 27 messages, 0 likes received)
    Here is the other half.



    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google "
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/ "
    FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
    FF - prefs.js..extensions.enabledItems: ramback@pavlov.net:1.0
    FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
    FF - prefs.js..extensions.enabledItems: {e8f509f0-b677-11de-8a39-0800200c9a66}:1.8
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/26 10:31:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 20:38:59 | 000,000,000 | ---D | M]

    [2008/07/04 12:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Mozilla\Extensions
    [2010/09/28 20:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions
    [2010/04/27 21:57:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/09/07 07:33:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/06/01 22:34:12 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2010/01/29 00:06:38 | 000,000,000 | ---D | M] () -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
    [2010/03/21 12:00:57 | 000,000,000 | ---D | M] (Web2PDF converter) -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}
    [2010/09/23 22:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\en-US@dictionaries.addons.mozilla.org
    [2008/07/04 12:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Mozilla\Firefox\Profiles\uzcifgud.default\extensions\ramback@pavlov.net
    [2010/09/28 19:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2004/11/12 23:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll

    O1 HOSTS File: ([2010/09/28 20:21:57 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
    O4 - HKLM..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE (Cypress Semiconductor)
    O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.)
    O4 - HKLM..\Run: [QCTray] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
    O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
    O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
    O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
    O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (IBM Corp.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 01 00 00 00 [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra 'Tools' menuitem : IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab (PeoplePC Web Installer)
    O16 - DPF: {204D07F5-A3D9-4872-9A11-C750A5B52163} https://app.primecontract.com/primecontractsupport/brava/PreloadX.cab (PreloadX Class)
    O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262362662208 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1262363863328 (MUWebControl Class)
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
    O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\IBM fingerprint software\psfus.dll - C:\Program Files\IBM fingerprint software\psfus.dll (UPEK Inc.)
    O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
    O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop WallPaper: C:\WINDOWS\Resources\Themes\Think Theme\IBM Think.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Resources\Themes\Think Theme\IBM Think.bmp
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/03/29 19:49:44 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/09/28 21:04:02 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
    [2010/09/27 22:45:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/09/27 22:41:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/27 22:41:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/27 22:41:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/27 22:41:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/27 22:27:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/27 21:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Desktop\NTBR_CD
    [2010/09/26 12:05:39 | 000,288,654 | ---- | C] ( ) -- C:\Documents and Settings\jim\Desktop\SafeBootKeyRepair.exe
    [2010/09/26 09:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\AML Products
    [2010/09/24 21:51:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jim\Recent
    [2010/09/24 21:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\QuickScan
    [2010/09/20 19:21:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\Malwarebytes
    [2010/09/20 19:21:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/20 19:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/09/20 19:21:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/20 19:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/20 17:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/09/18 15:38:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jim\My Documents
    [2010/09/12 15:20:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/09/12 10:31:45 | 000,083,168 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
    [2010/09/12 10:31:45 | 000,082,832 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
    [2010/09/12 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
    [2010/09/12 10:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2010/09/06 23:41:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/09/06 22:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010/09/06 18:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\IECompatCache
    [2010/09/04 14:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\PrivacIE
    [2010/09/04 14:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\IETldCache
    [2010/09/04 14:26:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/09/04 14:20:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8
    [2010/08/22 19:58:24 | 000,000,000 | ---D | C] -- C:\My Documents\Stuff_From_Jump_Drive
    [2010/07/20 20:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\ElevatedDiagnostics
    [2010/07/20 20:48:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
    [2010/07/10 21:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jim\Application Data\Thunderbird
    [2008/04/20 22:48:22 | 000,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\jim\Application Data\ezplay.sys
    [2008/04/20 22:48:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\jim\Application Data\pcouffin.sys
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/09/28 21:04:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
    [2010/09/28 20:45:53 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2010/09/28 20:45:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/28 20:42:37 | 004,285,762 | -H-- | M] () -- C:\Documents and Settings\jim\Local Settings\Application Data\IconCache.db
    [2010/09/28 20:41:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jim\ntuser.ini
    [2010/09/28 20:41:42 | 008,224,768 | ---- | M] () -- C:\Documents and Settings\jim\ntuser.dat
    [2010/09/28 20:40:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/28 20:40:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/28 20:22:30 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/28 20:21:57 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/27 22:45:40 | 000,000,338 | RHS- | M] () -- C:\BOOT.INI
    [2010/09/27 22:14:56 | 003,855,255 | R--- | M] () -- C:\Documents and Settings\jim\Desktop\ComboFix.exe
    [2010/09/27 21:48:40 | 000,054,576 | ---- | M] () -- C:\Documents and Settings\jim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/09/27 21:24:45 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\NTBR_CD.exe
    [2010/09/27 01:12:24 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\MBRCheck.exe
    [2010/09/26 23:59:01 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\9ud8jgry.exe
    [2010/09/26 12:07:23 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\dds.scr
    [2010/09/26 12:05:40 | 000,288,654 | ---- | M] ( ) -- C:\Documents and Settings\jim\Desktop\SafeBootKeyRepair.exe
    [2010/09/26 10:08:41 | 000,000,332 | ---- | M] () -- C:\My Documents\cc_20100926_100838.reg
    [2010/09/26 10:08:01 | 000,007,940 | ---- | M] () -- C:\My Documents\cc_20100926_100756.reg
    [2010/09/26 09:44:00 | 000,218,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/09/26 09:36:56 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\AML Free Registry Cleaner.lnk
    [2010/09/25 18:52:16 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/09/25 18:49:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/25 18:17:12 | 000,556,998 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/09/25 18:17:12 | 000,479,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/09/25 18:17:12 | 000,087,650 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/19 17:06:26 | 000,000,228 | ---- | M] () -- C:\Boot.bak
    [2010/09/18 16:00:10 | 000,003,266 | ---- | M] () -- C:\My Documents\cc_20100918_155957.reg
    [2010/09/18 15:39:47 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/09/12 10:07:58 | 000,004,500 | ---- | M] () -- C:\My Documents\cc_20100912_100745.reg
    [2010/09/12 09:53:28 | 008,224,768 | ---- | M] () -- C:\Documents and Settings\jim\ntuser.bak
    [2010/09/12 08:49:55 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\jim\Local Settings\Application Data\housecall.guid.cache
    [2010/09/04 10:33:07 | 000,000,332 | ---- | M] () -- C:\My Documents\cc_20100904_103304.reg
    [2010/09/04 10:32:31 | 000,023,100 | ---- | M] () -- C:\My Documents\cc_20100904_103226.reg
    [2010/08/30 23:54:15 | 000,000,528 | ---- | M] () -- C:\My Documents\cc_20100830_235411.reg
    [2010/08/30 22:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/29 23:38:07 | 000,018,363 | ---- | M] () -- C:\My Documents\Sayings.pdf
    [2010/08/29 23:37:38 | 000,023,552 | ---- | M] () -- C:\My Documents\Sayings.doc
    [2010/08/06 20:21:17 | 002,183,952 | ---- | M] () -- C:\My Documents\Mailtraq 1.pdf
    [2010/08/05 18:18:25 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/08/02 20:50:42 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Word.lnk
    [2010/08/02 20:42:48 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Excel.lnk
    [2010/07/27 23:31:32 | 000,005,784 | ---- | M] () -- C:\My Documents\cc_20100727_233125.reg
    [2010/07/13 21:24:06 | 000,000,640 | ---- | M] () -- C:\My Documents\cc_20100713_212400.reg
    [2010/07/13 00:21:02 | 000,271,401 | ---- | M] () -- C:\My Documents\Network__3-SMTP_Server_Status_Codes_and_SMTP_Error_Codes.pdf
    [2010/07/07 22:36:19 | 000,018,944 | ---- | M] () -- C:\My Documents\Todd Build.xls
    [2010/07/03 20:55:08 | 000,192,512 | ---- | M] () -- C:\My Documents\Put data to use.mdb
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/09/27 22:45:40 | 000,000,228 | ---- | C] () -- C:\Boot.bak
    [2010/09/27 22:45:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/09/27 22:41:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/27 22:41:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/09/27 22:41:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/09/27 22:41:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/09/27 22:41:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/27 22:14:48 | 003,855,255 | R--- | C] () -- C:\Documents and Settings\jim\Desktop\ComboFix.exe
    [2010/09/27 21:24:14 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\NTBR_CD.exe
    [2010/09/27 01:12:23 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\MBRCheck.exe
    [2010/09/26 23:59:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\9ud8jgry.exe
    [2010/09/26 12:07:23 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\dds.scr
    [2010/09/26 10:08:40 | 000,000,332 | ---- | C] () -- C:\My Documents\cc_20100926_100838.reg
    [2010/09/26 10:07:59 | 000,007,940 | ---- | C] () -- C:\My Documents\cc_20100926_100756.reg
    [2010/09/26 09:35:02 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\jim\Desktop\AML Free Registry Cleaner.lnk
    [2010/09/25 18:03:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/09/18 16:00:00 | 000,003,266 | ---- | C] () -- C:\My Documents\cc_20100918_155957.reg
    [2010/09/12 10:07:52 | 000,004,500 | ---- | C] () -- C:\My Documents\cc_20100912_100745.reg
    [2010/09/12 08:49:55 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\housecall.guid.cache
    [2010/09/06 17:31:35 | 008,224,768 | ---- | C] () -- C:\ntuser.dat
    [2010/09/04 10:33:06 | 000,000,332 | ---- | C] () -- C:\My Documents\cc_20100904_103304.reg
    [2010/09/04 10:32:28 | 000,023,100 | ---- | C] () -- C:\My Documents\cc_20100904_103226.reg
    [2010/08/30 23:54:13 | 000,000,528 | ---- | C] () -- C:\My Documents\cc_20100830_235411.reg
    [2010/08/29 23:18:55 | 000,018,363 | ---- | C] () -- C:\My Documents\Sayings.pdf
    [2010/08/29 23:01:40 | 000,023,552 | ---- | C] () -- C:\My Documents\Sayings.doc
    [2010/08/26 23:56:24 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2010/08/26 23:56:24 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2010/08/26 23:56:24 | 000,152,496 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2010/08/26 23:56:23 | 000,015,577 | ---- | C] () -- C:\WINDOWS\atiogl.xml
    [2010/08/12 23:17:43 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\jim\SVKSettings.txt
    [2010/08/12 22:02:10 | 008,224,768 | ---- | C] () -- C:\Documents and Settings\jim\ntuser.dat
    [2010/08/06 20:21:17 | 002,183,952 | ---- | C] () -- C:\My Documents\Mailtraq 1.pdf
    [2010/07/27 23:31:29 | 000,005,784 | ---- | C] () -- C:\My Documents\cc_20100727_233125.reg
    [2010/07/13 21:24:03 | 000,000,640 | ---- | C] () -- C:\My Documents\cc_20100713_212400.reg
    [2010/07/13 00:21:02 | 000,271,401 | ---- | C] () -- C:\My Documents\Network__3-SMTP_Server_Status_Codes_and_SMTP_Error_Codes.pdf
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/04/20 22:48:25 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\ezplay.log
    [2008/04/20 22:48:22 | 000,007,861 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\ezplay.cat
    [2008/04/20 22:48:21 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\ezplay.inf
    [2008/04/20 22:48:21 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\ezplay.ini
    [2008/04/20 22:48:20 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\pcouffin.log
    [2008/04/20 22:48:13 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\pcouffin.cat
    [2008/04/20 22:48:13 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\pcouffin.inf
    [2007/11/23 00:29:27 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/11/22 15:18:48 | 000,000,510 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\AdobeDLM.log
    [2007/11/22 15:18:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jim\Application Data\dm.ini
    [2007/06/17 21:33:51 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
    [2007/06/14 23:04:26 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\jim\Local Settings\Application Data\fusioncache.dat
    [2006/10/30 16:49:03 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
    [2006/10/15 00:20:36 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2006/04/22 00:10:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2005/11/29 15:08:32 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
    [2005/06/03 10:23:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\clallserial.dll
    [2005/04/02 21:14:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imaqconf.ini
    [2005/04/02 19:41:44 | 000,000,482 | ---- | C] () -- C:\WINDOWS\Backer32.ini
    [2005/04/02 05:06:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
    [2005/04/02 02:54:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2005/04/02 02:43:48 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2005/04/02 01:53:19 | 000,000,076 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2005/04/01 20:08:15 | 000,041,324 | ---- | C] () -- C:\WINDOWS\System32\winio.sys
    [2005/04/01 20:07:57 | 000,000,159 | ---- | C] () -- C:\WINDOWS\matlab.ini
    [2005/03/30 19:23:38 | 000,000,534 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/03/30 18:43:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2005/03/03 12:30:56 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/03/03 12:05:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/03/03 12:04:53 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2005/03/03 12:01:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2005/03/03 12:01:05 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2005/03/03 12:01:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2005/03/03 12:00:33 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
    [2005/03/03 11:53:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/03/03 11:53:52 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/03/03 11:53:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/03/03 11:53:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/03/03 11:53:52 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/03/03 11:53:52 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/03/03 11:53:20 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/03/03 11:44:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2005/03/03 11:44:21 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
    [2005/03/03 11:43:41 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2005/03/03 11:40:41 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2005/03/03 11:40:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2004/12/16 04:41:58 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
    [2004/11/08 21:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/10/01 19:01:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2004/08/09 15:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/07/26 11:00:00 | 000,007,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
    [2004/01/09 10:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
    [2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/16 03:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2001/11/23 22:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 17:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [1980/01/01 04:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [1980/01/01 04:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

    ========== LOP Check ==========

    [2008/11/08 22:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2006/06/06 22:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cloudmark
    [2008/03/07 23:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
    [2010/04/12 22:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2005/04/02 21:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\National Instruments
    [2009/06/13 18:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
    [2008/08/16 20:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/04/11 20:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ViceVersa PRO 2
    [2009/11/15 01:18:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/09/04 14:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\ElevatedDiagnostics
    [2007/06/14 23:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\IBM
    [2008/03/28 16:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\InterVideo
    [2007/06/17 11:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Leadertech
    [2010/04/12 22:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\muvee Technologies
    [2007/06/17 10:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Nikon
    [2009/07/26 21:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\OfficeUpdate12
    [2010/09/24 21:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\QuickScan
    [2007/11/02 19:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\ThumbsPlus
    [2010/07/10 21:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Thunderbird
    [2008/04/22 21:06:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jim\Application Data\Vso
    [2010/09/28 20:45:53 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/03/29 19:49:44 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2010/09/19 17:06:26 | 000,000,228 | ---- | M] () -- C:\Boot.bak
    [2010/09/27 22:45:40 | 000,000,338 | RHS- | M] () -- C:\BOOT.INI
    [2005/03/03 12:02:42 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
    [2005/03/03 12:06:24 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2004/08/09 14:35:38 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2005/03/03 11:58:48 | 000,000,308 | ---- | M] () -- C:\ccrrec.ver
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/09/28 20:34:15 | 000,014,022 | ---- | M] () -- C:\ComboFix.txt
    [2005/03/29 19:49:44 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2005/03/03 11:52:46 | 000,000,755 | ---- | M] () -- C:\drivez.log
    [2009/08/23 12:49:55 | 000,001,760 | ---- | M] () -- C:\engine.log
    [2007/07/04 21:29:23 | 000,150,672 | ---- | M] () -- C:\IbmEgath.XML
    [2005/03/29 19:49:45 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2006/10/19 23:58:30 | 002,040,116 | ---- | M] () -- C:\log.txt
    [2005/03/03 11:51:06 | 000,000,164 | ---- | M] () -- C:\LOGFILE.txt
    [2005/04/02 19:40:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 09:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/06/19 21:52:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/05/31 13:24:36 | 008,224,768 | ---- | M] () -- C:\ntuser.dat
    [2010/09/06 17:36:21 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
    [2010/09/28 20:40:06 | 1205,477,376 | -HS- | M] () -- C:\pagefile.sys
    [2010/09/19 14:42:47 | 000,089,275 | ---- | M] () -- C:\PE-Files.txt
    [2005/03/03 12:30:56 | 000,001,287 | ---- | M] () -- C:\SYSLEVEL.IBM
    [2005/03/03 12:29:48 | 000,000,044 | ---- | M] () -- C:\TCPACHIP.LOG
    [2010/09/19 14:42:35 | 000,089,275 | ---- | M] () -- C:\Win-Files.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/09 14:54:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2004/11/04 20:40:14 | 000,329,160 | ---- | M] () -- C:\WINDOWS\1024 x 768 IBM Americas Map.jpg
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/09 14:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/09 14:45:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/09 14:45:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/06/19 22:04:07 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/18 15:39:47 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/09 15:03:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/26 23:59:01 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\9ud8jgry.exe
    [2010/09/27 22:14:56 | 003,855,255 | R--- | M] () -- C:\Documents and Settings\jim\Desktop\ComboFix.exe
    [2010/09/27 01:12:24 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\MBRCheck.exe
    [2010/09/27 21:24:45 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\jim\Desktop\NTBR_CD.exe
    [2010/09/28 21:04:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jim\Desktop\OTL.exe
    [2010/09/26 12:05:40 | 000,288,654 | ---- | M] ( ) -- C:\Documents and Settings\jim\Desktop\SafeBootKeyRepair.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/18 15:39:44 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\jim\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/02/03 23:29:20 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\jim\Cookies\desktop.ini
    [2010/09/28 21:06:23 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\jim\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/11 05:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 05:41:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 05:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 05:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 23:00:30 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 05:42:30 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 05:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 05:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 05:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 05:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 05:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1999/09/10 08:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\wowpost.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < End of report >
     
  21. 2010/09/28
    BigMarklin

    BigMarklin Inactive Thread Starter

    Joined:
    2010/09/26
    Messages:
    27
    Likes Received:
    0
    Here is Extras.txt

    OTL Extras logfile created on: 9/28/2010 9:07:12 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\jim\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    766.00 Mb Total Physical Memory | 283.00 Mb Available Physical Memory | 37.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.60 Gb Total Space | 46.60 Gb Free Space | 66.00% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IBMLAPTOP
    Current User Name: Jim
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)
    "C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = IBM SATA Power Management Driver
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
    "{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
    "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = IBM ThinkPad EasyEject Utility
    "{1B779CC7-5F25-29B3-5150-AF44A6201033}" = Nero 7 Demo
    "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
    "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
    "{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
    "{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.21
    "{34BFBF2A-06B9-4B5E-BB33-E78B67450ED7}" = IBM fingerprint software 4.5.3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
    "{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
    "{47813E93-F2A0-484A-838E-47EC1B28D190}" = Adobe Stock Photos 1.0
    "{5339F0F3-BCDA-4DEE-A9B5-CBCB150C3B6D}" = IVI Shared Component
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
    "{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM Active Protection System
    "{76EF79CA-A6A8-41C4-AE49-E49BA075FA51}" = Diskeeper Professional Edition
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
    "{8685BFA3-470B-4E20-A41F-A60BBD40E6E2}" = LexarMedia ImageRescue Software
    "{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
    "{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = IBM Integrated Bluetooth IV Software
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
    "{9D8029C2-2CD7-11D4-805B-0004AC256BCF}" = X-Win32
    "{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
    "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = IBM ThinkPad Power Manager
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
    "{AEFE27E3-85EF-4DBB-A495-AA2D5960B092}" = Cloudmark Desktop for Microsoft Outlook
    "{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
    "{B1D78321-7AB1-45A7-A084-885AF75B8F3D}" = Palm Desktop
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4354214-B919-4C8F-84EB-4F9B84ACC02C}" = Retrospect 6.0
    "{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis True Image
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
    "{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
    "{EAB3C29A-DC9D-48A3-9A15-CEC94DBEA4B9}" = NI-DAQ Device Document Browser
    "{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
    "{EE7C3A14-1D20-49F6-B903-491561076F0F}" = ArcSoft Software Suite
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
    "{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
    "{F45C8DD6-EFDF-4F1E-8E5C-AB80653BCB75}" = Lexar Media Reader Products
    "{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
    "{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = IBM ThinkPad Configuration
    "{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
    "Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
    "All ATI Software" = ATI - Software Uninstall Utility
    "AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
    "ATI Display Driver" = ATI Display Driver
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
    "EndNote" = EndNote
    "ERUNT_is1" = ERUNT 1.1j
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
    "MXOFX" = USB Storage Adapter FX (MXO)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Picasa 3" = Picasa 3
    "PictureProject In Touch Downloader" = PictureProject In Touch Downloader 1.0
    "Power Management Driver" = ThinkPad Power Management Driver
    "Presentation Director" = IBM ThinkPad Presentation Director
    "ProcessQuickLink 2_is1" = Uniblue ProcessQuickLink 2
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "RIS Web Helper" = RIS Web Helper
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "ThinkPadSoftwareInstaller" = ThinkPad Software Installer
    "ThumbsPlus7" = ThumbsPlus version 7.0
    "Tweak UI 2.10" = Tweak UI
    "UndeletePlus_is1" = Undelete Plus 2.97
    "ViceVersa Pro 2_is1" = ViceVersa Pro 2 (Build 2011)
    "WIC" = Windows Imaging Component
    "Windows Media Connect" = Windows Media Connect
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/28/2010 12:01:57 AM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1508
    Description = Windows was unable to load the registry. This is often caused by insufficient
    memory or insufficient security rights. DETAIL - Insufficient system resources
    exist to complete the requested service. for C:\Documents and Settings\jim\ntuser.dat

    Error - 9/28/2010 12:01:59 AM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Insufficient system resources exist
    to complete the requested service.

    Error - 9/28/2010 7:28:19 PM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1508
    Description = Windows was unable to load the registry. This is often caused by insufficient
    memory or insufficient security rights. DETAIL - Insufficient system resources
    exist to complete the requested service. for C:\Documents and Settings\jim\ntuser.dat

    Error - 9/28/2010 7:28:24 PM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Insufficient system resources exist
    to complete the requested service.

    Error - 9/28/2010 7:28:31 PM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1508
    Description = Windows was unable to load the registry. This is often caused by insufficient
    memory or insufficient security rights. DETAIL - Insufficient system resources
    exist to complete the requested service. for C:\Documents and Settings\jim\ntuser.dat

    Error - 9/28/2010 7:29:02 PM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Insufficient system resources exist
    to complete the requested service.

    Error - 9/28/2010 7:29:03 PM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1508
    Description = Windows was unable to load the registry. This is often caused by insufficient
    memory or insufficient security rights. DETAIL - Insufficient system resources
    exist to complete the requested service. for C:\Documents and Settings\jim\ntuser.dat

    Error - 9/28/2010 7:29:11 PM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Insufficient system resources exist
    to complete the requested service.

    Error - 9/28/2010 8:41:30 PM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1508
    Description = Windows was unable to load the registry. This is often caused by insufficient
    memory or insufficient security rights. DETAIL - Insufficient system resources
    exist to complete the requested service. for C:\Documents and Settings\jim\ntuser.dat

    Error - 9/28/2010 8:41:37 PM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1505
    Description = Windows cannot load the user's profile but has logged you on with
    the default profile for the system. DETAIL - Insufficient system resources exist
    to complete the requested service.

    [ System Events ]
    Error - 9/28/2010 8:35:32 PM | Computer Name = IBMLAPTOP | Source = Service Control Manager | ID = 7001
    Description = The SSDP Discovery Service service depends on the HTTP service which
    failed to start because of the following error: %%8

    Error - 9/28/2010 8:41:15 PM | Computer Name = IBMLAPTOP | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 9/28/2010 8:41:16 PM | Computer Name = IBMLAPTOP | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    HWiNFO32

    Error - 9/28/2010 8:42:00 PM | Computer Name = IBMLAPTOP | Source = Service Control Manager | ID = 7000
    Description = The HTTP service failed to start due to the following error: %%8

    Error - 9/28/2010 8:42:00 PM | Computer Name = IBMLAPTOP | Source = Service Control Manager | ID = 7001
    Description = The SSDP Discovery Service service depends on the HTTP service which
    failed to start because of the following error: %%8

    Error - 9/28/2010 8:42:07 PM | Computer Name = IBMLAPTOP | Source = Service Control Manager | ID = 7000
    Description = The HTTP service failed to start due to the following error: %%8

    Error - 9/28/2010 8:42:07 PM | Computer Name = IBMLAPTOP | Source = Service Control Manager | ID = 7001
    Description = The SSDP Discovery Service service depends on the HTTP service which
    failed to start because of the following error: %%8

    Error - 9/28/2010 8:43:05 PM | Computer Name = IBMLAPTOP | Source = DCOM | ID = 10010
    Description = The server {72C2714F-4478-11D3-B537-00902771A435} did not register
    with DCOM within the required timeout.

    Error - 9/28/2010 8:45:40 PM | Computer Name = IBMLAPTOP | Source = Service Control Manager | ID = 7000
    Description = The HTTP service failed to start due to the following error: %%8

    Error - 9/28/2010 8:45:41 PM | Computer Name = IBMLAPTOP | Source = Service Control Manager | ID = 7001
    Description = The SSDP Discovery Service service depends on the HTTP service which
    failed to start because of the following error: %%8


    < End of report >
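As an added example (not code from the original thread, and not part of OTL itself), the script below triages the three parts of an Extras.txt that a responder actually reads on a thread like this one: the shell-spawning handlers (a hijacked `exefile` or `scrfile` command is a classic reason a browser "flashes and closes"), the firewall profile state and globally open ports, and the tail of the event log. `SAMPLE_LOG` is a constructed excerpt modelled on the log posted above; the regexes assume OTL 3.2's line formats and the expected handler strings are Windows XP defaults.

```python
"""Triage an OTL Extras.txt log.

Added example: this is not code from the original thread or from OTL.
SAMPLE_LOG is a constructed excerpt modelled on the Extras.txt posted above;
the checks assume OTL 3.2's line formats and Windows XP's default shell handlers.
"""
import re
from collections import Counter, defaultdict

SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/28/2010 12:01:57 AM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. for C:\Documents and Settings\jim\ntuser.dat

Error - 9/28/2010 7:28:19 PM | Computer Name = IBMLAPTOP | Source = Userenv | ID = 1508

[ System Events ]
Error - 9/28/2010 8:42:00 PM | Computer Name = IBMLAPTOP | Source = Service Control Manager | ID = 7000
Description = The HTTP service failed to start due to the following error: %%8
"""

# Windows XP default [open] commands; a different command means the handler was hijacked.
EXPECTED_OPEN = {
    "batfile": '"%1" %*', "cmdfile": '"%1" %*', "comfile": '"%1" %*',
    "exefile": '"%1" %*', "piffile": '"%1" %*', "scrfile": '"%1" /S',
}
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SPAWN_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
PROFILE_RE = re.compile(r"^\[.*FirewallPolicy\\(\w+Profile)(?:\\GloballyOpenPorts\\List)?\]$")
PORT_RE = re.compile(r'^"[^"]+" = (\d+):(TCP|UDP):([^:]+):(Enabled|Disabled):')
EVENT_RE = re.compile(r"^Error - [\d/]+ [\d:]+ [AP]M \| .*?Source = (.+?) \| ID = (\d+)$")


def parse_sections(text):
    """Split the log into {section title: [non-blank, stripped lines]} on the '=====' headers."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines):
    """Flag executable-type [open] handlers that differ from the XP defaults."""
    findings = []
    for line in lines:
        m = SPAWN_RE.match(line)
        if m and m.group(2) == "open" and m.group(1) in EXPECTED_OPEN:
            key, cmd = m.group(1), m.group(3)
            if cmd != EXPECTED_OPEN[key]:
                findings.append(f"{key}: open handler is {cmd!r}, expected {EXPECTED_OPEN[key]!r}")
    return findings


def check_firewall(lines):
    """Flag a disabled profile and any enabled exception whose scope is '*' (any remote address)."""
    findings, profile = [], None
    for line in lines:
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group(1)
        elif line == '"EnableFirewall" = 0':
            findings.append(f"{profile}: Windows Firewall disabled (EnableFirewall = 0)")
        else:
            m = PORT_RE.match(line)
            if m and m.group(4) == "Enabled" and m.group(3) == "*":
                findings.append(f"{profile}: {m.group(1)}/{m.group(2)} open to any address")
    return findings


def summarise_events(lines):
    """Count (Source, ID) pairs; repeated Userenv 1508/1505 is the profile-load failure."""
    counts = Counter()
    for line in lines:
        m = EVENT_RE.match(line)
        if m:
            counts[(m.group(1), int(m.group(2)))] += 1
    return counts


def triage(text):
    s = parse_sections(text)
    return {
        "shell_spawning": check_shell_spawning(s.get("Shell Spawning", [])),
        "firewall": check_firewall(s.get("Firewall Settings", [])),
        "events": summarise_events(s.get("Last 10 Event Log Errors", [])),
    }


if __name__ == "__main__":
    for area, result in triage(SAMPLE_LOG).items():
        print(area, result)
```

On a real file, call `triage(open("Extras.txt", encoding="cp1252").read())`. OTL writes the firewall exception strings as `:@xpsp2res.dll,...`; logs pasted through forum software sometimes arrive with that `:@` rewritten by an emoticon filter, so undo that before parsing a copy taken from a web page rather than from the machine.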
     
