Hello,
Could someone please take a look at the logs attached, as I think I may have some sort of infection. A few weeks ago Adaware detected and deleted Trojan Win32 BT Generic, but since then my desktop has still been sluggish and a full Adaware scan will not complete.
As I seem to have a time-out issue, maybe because my internet connection is slow, I am trying to post the logs in two posts.
Thanks in advance for your help and kindness.
MALWARE
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4561
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
07/09/2010 13:31
mbam-log-2010-09-07 (13-31-33).txt
Scan type: Quick scan
Objects scanned: 130160
Time elapsed: 7 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-07 14:50:23
Windows 5.1.2600 Service Pack 3
Running: h16nlzss.exe; Driver: C:\DOCUME~1\Nick\LOCALS~1\Temp\pxtdapoc.sys
---- System - GMER 1.0.15 ----
SSDT 8A7656D0 ZwAlertResumeThread
SSDT 8A7666D0 ZwAlertThread
SSDT 89E4B568 ZwAllocateVirtualMemory
SSDT 8A75D6D0 ZwAssignProcessToJobObject
SSDT 8AE8E348 ZwConnectPort
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xB4BAF852]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB4DD3210]
SSDT 8AEE5EB0 ZwCreateMutant
SSDT 8A006878 ZwCreateSymbolicLinkObject
SSDT 8A0576E0 ZwCreateThread
SSDT 8A75E6D0 ZwDebugActiveProcess
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xB4BAF9B2]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB4DD3490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB4DD39F0]
SSDT 89E4B6C0 ZwDuplicateObject
SSDT 89E6F648 ZwFreeVirtualMemory
SSDT 8A7636D0 ZwImpersonateAnonymousToken
SSDT 8A7646D0 ZwImpersonateThread
SSDT 8AE99008 ZwLoadDriver
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xB4BB33BC]
SSDT 8A0448B0 ZwMapViewOfSection
SSDT 8A7626D0 ZwOpenEvent
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xB4BAF916]
SSDT 8ABF8410 ZwOpenProcess
SSDT 8AE52A48 ZwOpenProcessToken
SSDT 8A7606D0 ZwOpenSection
SSDT 8ABF8340 ZwOpenThread
SSDT 8A02B768 ZwProtectVirtualMemory
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xB4BB3332]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xB4BB329C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xB4BB32CE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xB4BB3300]
SSDT 8A7676D0 ZwResumeThread
SSDT 8AFE91E0 ZwSetContextThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xB4BAFA12]
SSDT 8A044758 ZwSetInformationProcess
SSDT 8A75F6D0 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB4DD3C40]
SSDT 8A7616D0 ZwSuspendProcess
SSDT 8A7686D0 ZwSuspendThread
SSDT 8ABF7268 ZwTerminateProcess
SSDT 8A7696D0 ZwTerminateThread
SSDT 8AC191F0 ZwUnmapViewOfSection
SSDT 89E6F718 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2508 80501D40 8 Bytes JMP 3B83D9CF
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB909C360, 0x2456AE, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[684] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 01997090 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[684] ntdll.dll!LdrLoadDll + 1 7C9163C4 5 Bytes [22, 00, 68, 71, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Internet Explorer\iexplore.exe[684] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 6 Bytes PUSH 71510022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 71450022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 71570022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!DdeInitializeW 7E4206D7 6 Bytes PUSH 714B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 71620022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 71480022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[684] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[684] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71540022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 714E0022
.text C:\Program Files\Internet Explorer\iexplore.exe[684] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 71650022
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 712D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!InternetQueryDataAvailable 3D94BF7F 6 Bytes PUSH 71180022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!HttpAddRequestHeadersA 3D94CF46 6 Bytes PUSH 71420022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 713F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!InternetConnectA 3D94DEAE 6 Bytes PUSH 712A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!InternetConnectW 3D94F862 6 Bytes PUSH 71270022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 71300022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 713C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!InternetOpenA 3D95D690 6 Bytes PUSH 711E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!InternetOpenW 3D95DB09 6 Bytes PUSH 711B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!InternetSetStatusCallback 3D95DCC8 6 Bytes PUSH 71120022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 71390022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 71150022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!InternetGetCookieExA 3D964BD0 6 Bytes PUSH 71210022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!InternetWriteFile 3D9A60F6 6 Bytes PUSH 710F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!HttpSendRequestExA 3D9BA70A 6 Bytes PUSH 71360022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!HttpSendRequestExW 3D9BA763 6 Bytes PUSH 71330022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] WININET.dll!InternetGetCookieA 3D9BBDEC 6 Bytes PUSH 71240022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[684] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71040022
.text C:\Program Files\Internet Explorer\iexplore.exe[684] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 71080022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1124] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414E10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1124] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1124] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1124] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 017E7090 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] ntdll.dll!LdrLoadDll + 1 7C9163C4 5 Bytes [22, 00, 68, 71, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 6 Bytes PUSH 71500022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 71440022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 71560022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!DdeInitializeW 7E4206D7 6 Bytes PUSH 714A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 71610022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 71470022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71530022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 714D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71030022
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 71070022
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 712C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!InternetQueryDataAvailable 3D94BF7F 6 Bytes PUSH 71170022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!HttpAddRequestHeadersA 3D94CF46 6 Bytes PUSH 71410022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 713E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!InternetConnectA 3D94DEAE 6 Bytes PUSH 71290022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!InternetConnectW 3D94F862 6 Bytes PUSH 71260022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 712F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 713B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!InternetOpenA 3D95D690 6 Bytes PUSH 711D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!InternetOpenW 3D95DB09 6 Bytes PUSH 711A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!InternetSetStatusCallback 3D95DCC8 6 Bytes PUSH 71110022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 71380022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 71140022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!InternetGetCookieExA 3D964BD0 6 Bytes PUSH 71200022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!InternetWriteFile 3D9A60F6 6 Bytes PUSH 710E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!HttpSendRequestExA 3D9BA70A 6 Bytes PUSH 71350022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!HttpSendRequestExW 3D9BA763 6 Bytes PUSH 71320022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1508] WININET.dll!InternetGetCookieA 3D9BBDEC 6 Bytes PUSH 71230022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 017E7090 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] ntdll.dll!LdrLoadDll + 1 7C9163C4 5 Bytes [22, 00, 68, 71, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 6 Bytes PUSH 71500022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 71440022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 71560022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!DdeInitializeW 7E4206D7 6 Bytes PUSH 714A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD135 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 71610022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 71470022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4B6F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4AA1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4B0C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4972 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E49D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4BD2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4A36 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71530022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 714D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4EF0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71030022
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 71070022
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 712C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!InternetQueryDataAvailable 3D94BF7F 6 Bytes PUSH 71170022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!HttpAddRequestHeadersA 3D94CF46 6 Bytes PUSH 71410022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 713E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!InternetConnectA 3D94DEAE 6 Bytes PUSH 71290022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!InternetConnectW 3D94F862 6 Bytes PUSH 71260022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 712F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 713B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!InternetOpenA 3D95D690 6 Bytes PUSH 711D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!InternetOpenW 3D95DB09 6 Bytes PUSH 711A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!InternetSetStatusCallback 3D95DCC8 6 Bytes PUSH 71110022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 71380022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 71140022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!InternetGetCookieExA 3D964BD0 6 Bytes PUSH 71200022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!InternetWriteFile 3D9A60F6 6 Bytes PUSH 710E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!HttpSendRequestExA 3D9BA70A 6 Bytes PUSH 71350022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!HttpSendRequestExW 3D9BA763 6 Bytes PUSH 71320022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2756] WININET.dll!InternetGetCookieA 3D9BBDEC 6 Bytes PUSH 71230022; RET
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3360] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00438FF0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3360] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3360] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3360] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[1508] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----
MBR Check
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version:
Windows Information:
Logical Drives Mask:
Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xB9EF1000 nvata.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9ED1000 fltmgr.sys
0xB9E7B000 SYMDS.SYS
0xB9E69000 sr.sys
0xBA0F8000 Lbd.sys
0xB9E3C000 SYMEFA.SYS
0xBA108000 PxHelp20.sys
0xB9E25000 KSecDD.sys
0xB9E12000 WudfPf.sys
0xB9D85000 Ntfs.sys
0xB9D58000 NDIS.sys
0xBA118000 RapportKELL.sys
0xBA5AE000 \WINDOWS\System32\Drivers\USBD.SYS
0xB9D3E000 Mup.sys
0xBA208000 \SystemRoot\system32\DRIVERS\processr.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB95CA000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA4A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB95A2000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA218000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA594000 \SystemRoot\system32\drivers\pfc.sys
0xBA228000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA238000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB957F000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA248000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xB9463000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xB909C000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9088000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA4B0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA258000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA5A0000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9074000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA756000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA268000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA5A4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB905D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA278000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA288000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA350000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB904C000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA298000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA358000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA360000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB901C000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA368000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA370000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8F1E000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D02000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA2C8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8A14000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB89F0000 \SystemRoot\system32\drivers\portcls.sys
0xBA2E8000 \SystemRoot\system32\drivers\drmk.sys
0xBA308000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xB5015000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SRTSP.SYS
0xB4FF6000 \SystemRoot\system32\drivers\NIS\1107000.00C\Ironx86.SYS
0xBA574000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA158000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA388000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA390000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA578000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA3A8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xBA1D8000 \SystemRoot\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
0xB4E0A000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100906.024\NAVEX15.SYS
0xB4DBD000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB4DA9000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100906.024\NAVENG.SYS
0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6E6000 \SystemRoot\System32\Drivers\Null.SYS
0xBA63A000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3D0000 \SystemRoot\System32\drivers\vga.sys
0xBA63C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA63E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3D8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3E0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8EAA000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB4D76000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB4D1D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB4CC6000 \SystemRoot\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
0xB4CA0000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB8F8C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB4C4B000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100906.001\IDSxpx86.sys
0xB4C23000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB4C01000 \SystemRoot\System32\drivers\afd.sys
0xB8FEC000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB4BD6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB4BAE000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
0xBA438000 \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys
0xB4B3E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2D8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB4AE0000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB4AC3000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB4A44000 \SystemRoot\system32\drivers\NIS\1107000.00C\ccHPx86.sys
0xB4998000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
0xB8FDC000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB4956000 \SystemRoot\System32\Drivers\dump_nvata.sys
0xBA656000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA558000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3E8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6E2000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB3E25000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB3190000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3EC5000 \SystemRoot\system32\drivers\sysaudio.sys
0xB2ED7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA5C8000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB3291000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xB2E30000 \SystemRoot\system32\DRIVERS\srv.sys
0xB261F000 \SystemRoot\System32\Drivers\HTTP.sys
0xB0BB0000 \??\C:\DOCUME~1\Nick\LOCALS~1\Temp\pxtdapoc.sys
0xB02E5000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 44):
0 System Idle Process
4 System
632 C:\WINDOWS\system32\smss.exe
688 csrss.exe
712 C:\WINDOWS\system32\winlogon.exe
764 C:\WINDOWS\system32\services.exe
776 C:\WINDOWS\system32\lsass.exe
944 C:\WINDOWS\system32\svchost.exe
1008 svchost.exe
1124 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
1164 C:\WINDOWS\system32\svchost.exe
1212 C:\WINDOWS\system32\svchost.exe
1300 svchost.exe
1396 svchost.exe
1672 C:\WINDOWS\explorer.exe
1724 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1896 C:\WINDOWS\system32\spoolsv.exe
172 svchost.exe
244 C:\Program Files\Java\jre6\bin\jqs.exe
272 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
448 C:\WINDOWS\system32\nvsvc32.exe
1928 C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
2580 unsecapp.exe
2664 alg.exe
2800 wmiprvse.exe
3296 C:\WINDOWS\RTHDCPL.EXE
3360 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
3740 C:\Program Files\Winamp\winampa.exe
3796 C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
3816 C:\WINDOWS\system32\svchost.exe
3840 C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
3900 C:\WINDOWS\system32\svchost.exe
3996 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4016 C:\Program Files\Messenger\msmsgs.exe
4028 C:\WINDOWS\system32\ctfmon.exe
4076 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4092 C:\Program Files\Free Download Manager\fdm.exe
512 C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
548 C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
1792 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3484 C:\Program Files\Internet Explorer\iexplore.exe
3480 C:\Program Files\Internet Explorer\iexplore.exe
3104 C:\Program Files\Internet Explorer\iexplore.exe
3348 C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: HDT722525DLA380, Rev: V44OA9BA
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
Thanks once again for your help.
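Reading the GMER module list, its process table and the OTL O4 Run entries by eye is slow, and the one item that looks alarming at first glance, a driver loaded from C:\DOCUME~1\Nick\LOCALS~1\Temp, is GMER's own scanning driver, declared in the "Running: h16nlzss.exe; Driver: ..." header at the top of the GMER log. The Python below is an added triage example, not part of the original post and not code from GMER or OTL. It parses a few lines excerpted from the logs in this thread (one Norton definitions path shortened), treats the header-declared driver as informational, and flags kernel modules and autorun targets that live in user-writable locations, orphaned Run values ("File not found") and autorun targets with no publisher recorded. The category labels and the list of path markers are my own choices, not anything the tools define.

```python
"""Triage helpers for the GMER and OTL log lines posted in this thread.

Added example: not part of the original post, nor code from the GMER or
OTL tools. The category labels ("review", "info", "cleanup") and the list
of user-writable path markers are assumptions made for this example.
"""
import re

# Path fragments that mark user-writable locations on Windows XP. A kernel
# driver or autorun entry living here deserves a second look; legitimate
# software (AV definition drivers, per-user tools) lives here too, so this
# is a review flag, not a verdict.
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")

# GMER header: "Running: h16nlzss.exe; Driver: C:\...\Temp\pxtdapoc.sys"
GMER_HEADER_RE = re.compile(r"^Running: (?P<exe>\S+); Driver: (?P<drv>.+?)\s*$")
# GMER module line: "0xB4BAE000 \??\C:\Program Files\...\RapportPG.sys"
GMER_MODULE_RE = re.compile(r"^0x(?P<base>[0-9A-Fa-f]{8}) (?P<path>\S.*?)\s*$")
# GMER process line: "1124 C:\...\RapportMgmtService.exe" or just "688 csrss.exe"
GMER_PROC_RE = re.compile(r"^(?P<pid>\d+) (?P<image>\S.*?)\s*$")
# OTL O4 Run value: 'O4 - HKLM..\Run: [name] target (Company)' or '[name] File not found'
OTL_O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<target>.*?)(?: \((?P<company>[^()]*)\))?$"
)


def in_user_writable(path: str) -> bool:
    """True if the path points into a profile, Temp or 8.3-form DOCUME~1 location."""
    low = path.lower()
    return any(marker in low for marker in PROFILE_MARKERS)


def triage_gmer(lines):
    """Walk GMER module and process lines; return (category, reason, subject) tuples.

    The driver GMER loads for itself is declared in the 'Running: ...; Driver: ...'
    header, so the Temp driver matching it is reported as info, not as a rogue
    kernel module.
    """
    findings, scanner_driver, in_procs = [], None, False
    for raw in lines:
        line = raw.rstrip()
        m = GMER_HEADER_RE.match(line)
        if m:
            scanner_driver = m.group("drv").lower()
            continue
        if line.startswith("Processes (total"):
            in_procs = True
            continue
        m = GMER_MODULE_RE.match(line)
        if m:
            path = m.group("path")
            if scanner_driver and path.lower().endswith(scanner_driver):
                findings.append(("info", "scanner's own driver (declared in header)", path))
            elif in_user_writable(path):
                findings.append(("review", "kernel module loaded from a user-writable path", path))
            continue
        m = GMER_PROC_RE.match(line) if in_procs else None
        if m and "\\" not in m.group("image"):
            findings.append(("info", "process image path not resolved by scanner", m.group("image")))
    return findings


def triage_otl_o4(lines):
    """Flag OTL O4 Run entries: orphaned values, profile-resident targets, no publisher."""
    findings = []
    for raw in lines:
        m = OTL_O4_RE.match(raw.rstrip())
        if not m:
            continue
        name, target, company = m.group("name"), m.group("target"), m.group("company")
        if target == "File not found":
            findings.append(("cleanup", "Run value whose target no longer exists", name))
        elif in_user_writable(target):
            findings.append(("review", "autorun launching from a user profile path", f"{name} -> {target}"))
        elif not company:
            findings.append(("review", "no publisher recorded for autorun target", f"{name} -> {target}"))
    return findings


# Lines excerpted from the logs in this thread (Norton definitions path shortened).
GMER_SAMPLE = [
    r"Running: h16nlzss.exe; Driver: C:\DOCUME~1\Nick\LOCALS~1\Temp\pxtdapoc.sys",
    r"0xB4DBD000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS",
    r"0xB4DA9000 \??\C:\Documents and Settings\All Users\Application Data\Norton\NIS_17.0.0.136\Definitions\VirusDefs\20100906.024\NAVENG.SYS",
    r"0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS",
    r"0xB4BAE000 \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys",
    r"0xB0BB0000 \??\C:\DOCUME~1\Nick\LOCALS~1\Temp\pxtdapoc.sys",
    r"0x7C900000 \WINDOWS\system32\ntdll.dll",
    "Processes (total 44):",
    r"632 C:\WINDOWS\system32\smss.exe",
    "688 csrss.exe",
    r"1124 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe",
]
OTL_SAMPLE = [
    r"O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)",
    r"O4 - HKLM..\Run: [Device Detector] File not found",
    r"O4 - HKLM..\Run: [gcNotifier] C:\Documents and Settings\Nick\Local Settings\Application Data\VTShared\gcnotifier.exe (Golden Casino)",
    r"O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()",
    r"O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)",
]

if __name__ == "__main__":
    for cat, reason, subject in triage_gmer(GMER_SAMPLE) + triage_otl_o4(OTL_SAMPLE):
        print(f"[{cat:7}] {reason}: {subject}")
```

Run it directly to print the findings. The flags are prompts for a human, not verdicts: the Norton definition drivers under All Users\Application Data are where Norton Internet Security keeps its updatable definitions, and the OTL DRV lines record them as Symantec Corporation files, so the "review" flag on NAVENG.SYS is expected to be closed as benign once the publisher is checked.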
Hello,
Here is the first OTL Log
OTL Logs
OTL Logfile - Custom Scan
OTL logfile created on: 07/09/2010 15:03:13 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format:
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 29.66 Gb Free Space | 12.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DESK
Current User Name: Nick
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/07 14:54:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
PRC - [2010/09/04 23:54:01 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/09/04 23:53:58 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/08/05 19:19:20 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/08/05 19:19:18 | 000,763,112 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/02/26 0150 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/01/31 03:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 23:11:50 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/14 23:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2005/12/21 20:23:58 | 000,278,528 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2005/10/04 13:16:46 | 000,040,960 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
PRC - [2004/08/20 13:58:24 | 000,634,880 | ---- | M] (STOIK Imaging (Photo and Video editor, converter, media browser, morphing, noise reduction, red eye remove, photo panorama creation, cross stitch pattern, pain by number software - STOIK Imaging)) -- C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
PRC - [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
PRC - [1999/03/21 00:54:56 | 007,151,661 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\EXCEL.EXE
========== Modules (SafeList) ==========
MOD - [2010/09/07 14:54:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
MOD - [2010/08/05 19:19:26 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/05/14 06:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/04/14 01:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/10/04 13:16:30 | 000,081,920 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/09/04 23:53:58 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/05 19:19:18 | 000,763,112 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/02/26 0150 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2006/12/14 0220 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS -- (SYMDNS)
DRV - [2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 13:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/08/10 02:11:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/08/05 19:29:22 | 000,034,536 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys -- (RapportCerberus_18130)
DRV - [2010/08/05 19:19:28 | 000,168,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/08/05 19:19:28 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/07/14 02:00:43 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100906.024\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 02:00:43 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100906.024\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/02 13:13:45 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/02 13:13:45 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 20:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100906.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/06 05:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/28 18:45:55 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/08/30 01:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/04/13 15:37:01 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2008/04/13 1949 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/16 08:35:00 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/11 14:38:30 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 14:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/28 10:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/14 04:04:12 | 004,299,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/06/02 13:25:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/02/28 19:05:48 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [gcNotifier] C:\Documents and Settings\Nick\Local Settings\Application Data\VTShared\gcnotifier.exe (Golden Casino)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe (STOIK Imaging (Photo and Video editor, converter, media browser, morphing, noise reduction, red eye remove, photo panorama creation, cross stitch pattern, pain by number software - STOIK Imaging))
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe (Avanquest Publishing USA, Inc.)
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Seagate 2GHJV16D Product Registration.lnk = C:\Documents and Settings\Nick\Application Data\Leadertech\PowerRegister\Seagate 2GHJV16D Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1229547600890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/13 19:05:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPEG - C:\WINDOWS\System32\JPEGCODE.DLL ()
Drivers32: VIDC.MPEG - C:\WINDOWS\System32\JPEGCODE.DLL ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
========== Files/Folders - Created Within 90 Days ==========
[2010/09/07 14:54:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2010/09/07 1335 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Malwarebytes
[2010/09/07 1325 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/07 1324 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/07 1324 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/07 1324 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/07 13:19:14 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nick\Desktop\mbam-setup.exe
[2010/09/07 13:15:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/07 13:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/07 13:14:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
[2010/09/07 12:49:57 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\TFC.exe
[2010/09/04 22:52:33 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/09/04 22:52:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/26 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Sunbelt Software
[2010/08/11 20:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Trusteer
[2010/08/11 20:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/08/11 19:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/08/05 19:19:28 | 000,058,984 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/07/03 17:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\Any Video Converter
[2010/07/03 17:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\AnvSoft
[2010/07/03 17:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/06/29 14:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\FINANCES 2009 - 2010
[2010/06/18 14:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVD FlickCurrent
[2007/04/29 21:13:23 | 025,755,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2007/04/29 15:36:39 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
========== Files - Modified Within 90 Days ==========
[2010/09/07 15:00:55 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Microsoft Excel.lnk
[2010/09/07 14:54:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2010/09/07 14:51:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
[2010/09/07 13:44:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\h16nlzss.exe
[2010/09/07 13:42:35 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Nick\NTUSER.DAT
[2010/09/07 13:41:59 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\download.php
[2010/09/07 13:37:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/07 13:35:39 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/07 13:35:36 | 000,013,746 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/07 13:35:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/07 13:35:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/07 13:34:57 | 3689,402,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/07 13:34:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nick\ntuser.ini
[2010/09/07 1328 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 13:20:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nick\Desktop\mbam-setup.exe
[2010/09/07 13:15:26 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/07 13:15:23 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
[2010/09/07 13:15:23 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
[2010/09/07 13:14:53 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
[2010/09/07 12:50:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\TFC.exe
[2010/09/04 22:52:11 | 000,000,922 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/04 22:52:11 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/03 10:00:07 | 000,001,360 | ---- | M] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Seagate 2GHJV16D Product Registration.lnk
[2010/08/23 17:29:53 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/12 13:15:20 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/12 07:42:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/11 11:32:37 | 000,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 11:25:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 13:38:16 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/10 11:30:27 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 9 Photo Manager.lnk
[2010/08/10 11:22:26 | 000,000,739 | ---- | M] () -- C:\WINDOWS\STImgBrowser.INI
[2010/08/05 19:19:28 | 000,058,984 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/07/29 13:10:37 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/18 19:02:43 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Beatles Tracks.xls
[2010/07/13 14:46:44 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 6.0.lnk
[2010/07/03 17:45:35 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Any Video Converter.lnk
[2010/07/03 17:06:55 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\AT EASE Password 25.01.2010.xls
[2010/07/03 14:54:13 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Worcester Warriors Fixture List 2010 - 2011.xls
[2010/07/03 14:15:36 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Fixture List 2010 - 2011.xls
[2010/07/01 15:05:18 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - NEW MASTER.xls
[2010/07/01 15:01:24 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - RIGHTS ISSUES - NEW SAVINGS UPDATE.xls
[2010/06/29 15:15:41 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\London 2010 Things To Do.xls
[2010/06/29 14:05:49 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES 177 - 24 . JULY . 2009 - NEW SAVINGS UPDATE.xls
[2010/06/29 14:03:45 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 31st DECEMBER 2009 - NEW SAVINGS UPDATE.xls
[2010/06/25 10:02:28 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Tesco Clubcard 26.June.2010.xls
[2010/06/18 14:36:28 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\DVD Flick.lnk
[2010/06/13 23:39:38 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\muse bologna.xls
========== Files Created - No Company Name ==========
[2010/09/07 14:51:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
[2010/09/07 13:44:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\h16nlzss.exe
[2010/09/07 13:39:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\download.php
[2010/09/07 1328 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 13:15:26 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/07 13:15:23 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
[2010/09/07 13:15:23 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
[2010/09/05 00:03:54 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/09/04 22:52:11 | 000,000,922 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/04 22:52:11 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/18 19:02:39 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Beatles Tracks.xls
[2010/07/14 15:52:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/03 17:45:35 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Any Video Converter.lnk
[2010/07/03 17:06:53 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\AT EASE Password 25.01.2010.xls
[2010/07/03 14:39:47 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Worcester Warriors Fixture List 2010 - 2011.xls
[2010/07/01 15:01:39 | 000,137,728 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - NEW MASTER.xls
[2010/07/01 15:01:21 | 000,137,728 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - RIGHTS ISSUES - NEW SAVINGS UPDATE.xls
[2010/06/29 15:13:48 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\London 2010 Things To Do.xls
[2010/06/25 10:02:28 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Tesco Clubcard 26.June.2010.xls
[2010/06/24 16:47:37 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Fixture List 2010 - 2011.xls
[2010/06/18 14:36:28 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\DVD Flick.lnk
[2010/06/13 23:39:38 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\muse bologna.xls
[2010/04/07 11:44:56 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2009/11/20 13:18:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\FixVTS.ini
[2008/10/28 21:00:43 | 000,002,232 | ---- | C] () -- C:\WINDOWS\coolmp3.ini
[2008/10/28 21:00:42 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini
[2008/10/28 21:00:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2008/10/28 21:00:09 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2008/10/28 20:58:56 | 000,006,413 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2008/07/04 16:01:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/05 22:09:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2007/07/08 13:49:23 | 018,164,640 | ---- | C] () -- C:\Program Files\aaw2007.exe
[2007/07/07 18:26:59 | 008,429,056 | ---- | C] () -- C:\Program Files\Nero.Mega.Plugin.Pack.msi
[2007/06/10 11:34:29 | 000,001,865 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\QuickZip45.ini
[2007/05/28 14:57:11 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/28 14:31:46 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2007/05/28 14:16:17 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL
[2007/05/14 18:17:39 | 000,000,848 | --S- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/29 14:22:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/28 22:40:42 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\FASTWiz.html
[2007/04/28 22:39:38 | 000,030,374 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\FASTWiz.log
[2007/04/28 22:28:18 | 000,000,381 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI
[2007/04/28 22:25:55 | 000,000,266 | ---- | C] () -- C:\WINDOWS\TEXTWARE.INI
[2007/04/28 21:41:36 | 000,000,024 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2007/04/28 21:30:54 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/04/28 20:50:06 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2007/04/13 20:36:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/16 08:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/16 08:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/16 08:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/16 08:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 08:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/16 08:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/16 08:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/20 22:01:06 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
========== LOP Check ==========
[2007/04/28 21:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/09/25 16:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2009/02/28 1044 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/04/13 20:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/08/11 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/04/28 21:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/09/04 22:52:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2007/05/01 10:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\ACD Systems
[2010/07/03 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\AnvSoft
[2010/09/07 15:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Free Download Manager
[2009/01/09 1651 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\ImgBurn
[2009/09/18 10:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Leadertech
[2010/08/11 20:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Trusteer
[2007/04/28 22:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\VCOM
[2008/07/22 13:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\VTExtra
[2010/09/07 13:37:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/01/15 17:34:48 | 000,034,816 | ---- | M] () -- C:\2010_calendar_vertical.doc
[2010/09/07 13:34:55 | 000,043,400 | ---- | M] () -- C:\aaw7boot.log
[2007/04/13 19:05:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/09 20:35:22 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/04/13 19:05:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/12/29 06:57:36 | 000,017,505 | R--- | M] () -- C:\DBI.EXE
[2009/09/17 15:24:50 | 006,709,566 | ---- | M] (FreeDownloadManager.ORG ) -- C:\fdminst3.exe
[2010/09/07 13:34:57 | 3689,402,368 | -HS- | M] () -- C:\hiberfil.sys
[2007/04/13 19:05:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/07 16:30:28 | 399,441,919 | ---- | M] () -- C:\LOGICAL VOLUME IDENTIFIER.ISO
[2007/04/13 19:05:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/17 11:03:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/07 13:34:56 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2007/05/12 20:26:26 | 000,328,838 | ---- | M] () -- C:\Picture 043a.jpg
[2007/05/12 20:28:12 | 000,255,780 | ---- | M] () -- C:\Picture 102a.jpg
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2007/04/13 19:05:31 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2007/07/08 13:53:48 | 018,164,640 | ---- | M] () -- C:\Program Files\aaw2007.exe
[2007/04/29 15:36:46 | 015,505,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2007/07/07 18:29:56 | 008,429,056 | ---- | M] () -- C:\Program Files\Nero.Mega.Plugin.Pack.msi
[2007/04/29 21:13:27 | 025,755,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/06/11 20:54:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/11 20:54:36 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/11 20:54:36 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/07/17 11:12:06 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/04/13 20:03:37 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/11/28 12:29:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2006/01/04 15:05:26 | 002,855,080 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\aawsepersonal.exe
[2009/01/22 11:49:20 | 034,543,112 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Nick\Desktop\Ad-AwareAE.exe
[2005/12/29 15:04:40 | 000,970,049 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\arb_setup.exe
[2008/08/05 13:31:51 | 002,228,534 | ---- | M] ( ) -- C:\Documents and Settings\Nick\Desktop\audacity-win-1.2.6.exe
[2009/09/18 12:53:29 | 000,165,006 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ContextMenu.exe
[2009/05/04 09:41:22 | 000,223,368 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\CrucialUKScan.exe
[2009/10/22 10:37:50 | 007,371,062 | ---- | M] ( ) -- C:\Documents and Settings\Nick\Desktop\dvdflick_setup_1.2.2.1.exe
[2009/04/17 17:18:41 | 012,775,295 | ---- | M] (Dennis Meuwissen ) -- C:\Documents and Settings\Nick\Desktop\dvdflick_setup_1.3.0.6.exe
[2010/09/07 13:14:53 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
[2009/09/25 16:26:29 | 006,712,700 | ---- | M] (FreeDownloadManager.ORG ) -- C:\Documents and Settings\Nick\Desktop\fdminst3.exe
[2007/01/15 10:36:30 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\FixVTS.exe
[2010/09/07 13:44:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\h16nlzss.exe
[2010/09/07 13:20:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nick\Desktop\mbam-setup.exe
[2010/09/07 14:51:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
[2005/12/02 09:38:32 | 012,754,672 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Nick\Desktop\MP10Setup.exe
[2010/09/07 14:54:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2006/01/20 17:50:20 | 006,717,292 | ---- | M] (KL ) -- C:\Documents and Settings\Nick\Desktop\realalt146.exe
[2007/05/01 10:32:17 | 006,448,349 | ---- | M] ( ) -- C:\Documents and Settings\Nick\Desktop\realalt152.exe
[2010/09/07 12:50:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\TFC.exe
[2009/08/05 17:14:50 | 025,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Nick\Desktop\wmp11-windowsxp-x86-enu.exe
[2009/09/18 18:09:20 | 001,374,154 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\wrar390.exe
[2006/01/02 17:43:46 | 001,938,496 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\XoftSpy421_139.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2007/05/12 12:11:47 | 004,850,920 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\aawsepersonal.exe
[2008/05/05 16:04:05 | 108,667,992 | ---- | M] (Maxtor) -- C:\Documents and Settings\Nick\My Documents\MaxBlastSetup.en.exe
[2007/06/10 11:28:57 | 001,207,026 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\wrar370.exe
< %USERPROFILE%\*.exe >
[2009/01/09 15:10:16 | 001,971,378 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Nick\SetupImgBurn_2.4.2.0.exe
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2007/04/13 20:03:37 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Nick\Favorites\Desktop.ini
[2003/06/07 13:27:34 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Nick\Favorites\Shortcut to Favorites.lnk
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/07 14:54:11 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Nick\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 15:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 19:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 19:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 19:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
[1997/07/31 13:28:46 | 000,007,437 | ---- | M] () -- C:\WINDOWS\system\TWADST10.EXE
[1997/08/04 16:15:18 | 000,019,456 | ---- | M] (TEXTware A/S) -- C:\WINDOWS\system\TWAVER32.EXE
[2002/08/14 15:03:38 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< >
< Read more: http://www.d-a-l.com/help/spyware-ad...#ixzz0yqtb4T8y >
Invalid Switch: 68933-read-first-important-instructions-updated.html#ixzz0yqtb4T8y
< End of report >
Hello Again!
Final OTL Log, once again thanks for your help.
OTL - Extras Custom Scan
OTL Extras logfile created on: 07/09/2010 15:03:13 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format:
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 29.66 Gb Free Space | 12.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DESK
Current User Name: Nick
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [File Finder...] -- C:\Program Files\VCOM\PowerDesk\pdfind.exe /PATH:%1 (Avanquest Publishing USA, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
FirstRunDisabled = 1
AntiVirusDisableNotify = 0
FirewallDisableNotify = 0
UpdatesDisableNotify = 0
AntiVirusOverride = 1
FirewallOverride = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
DisableMonitoring = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
DisableMonitoring = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
DisableMonitoring = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
139:TCP = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
445:TCP = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
137:UDP = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
138:UDP = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall = 0
DoNotAllowExceptions = 0
DisableNotifications = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
1900:UDP = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
2869:TCP = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
139:TCP = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
445:TCP = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
137:UDP = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
138:UDP = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\WINDOWS\system32\usmt\migwiz.exe = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
C:\Program Files\Media Player Classic\mplayerc.exe = C:\Program Files\Media Player Classic\mplayerc.exe:*:Disabled:Media Player Classic -- (Gabest)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{00030409-78E1-11D2-B60F-006097C998E7} = Microsoft Office 2000 Small Business
{00040409-78E1-11D2-B60F-006097C998E7} = Microsoft Office 2000 Disc 2
{00203668-8170-44A0-BE44-B632FA4D780F} = Adobe AIR
{0D499481-22C6-4B25-8AC2-6D3F6C885FB9} = OpenOffice.org Installer 1.0
{109D28C7-FB38-483A-9C91-001CB59E2699} = EPSON CardMonitor
{18455581-E099-4BA8-BC6B-F34B2F06600C} = Google Toolbar for Internet Explorer
{1A15507A-8551-4626-915D-3D5FA095CC1B} = Corel Paint Shop Pro X
{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215} = Rapport
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = Google Toolbar for Internet Explorer
{23B59B9F-C360-11D7-875B-0090CC005647} = PIF DESIGNER2.1
{23B59ED4-C360-11D7-875B-0090CC005647} = EPSON PRINT Image Framer Tool2.1
{26A24AE4-039D-4CA4-87B4-2F83216019FF} = Java(TM) 6 Update 21
{3248F0A8-6813-11D6-A77B-00B0D0160010} = Java(TM) SE Runtime Environment 6 Update 1
{3248F0A8-6813-11D6-A77B-00B0D0160020} = Java(TM) 6 Update 2
{3248F0A8-6813-11D6-A77B-00B0D0160030} = Java(TM) 6 Update 3
{3248F0A8-6813-11D6-A77B-00B0D0160050} = Java(TM) 6 Update 5
{3248F0A8-6813-11D6-A77B-00B0D0160070} = Java(TM) 6 Update 7
{338F08AB-C262-42C7-B000-34DE1A475273} = Ad-Aware Email Scanner for Outlook
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} = WebFldrs XP
{38A0BB97-772D-422E-BCCA-4BA2A5D81F42} = ACDSee 6.0 PowerPack
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{546C7D0B-1E12-4573-BCD0-F5B0D3C66A74} = ArcSoft PhotoImpression 4
{65F5B7AF-3363-11D7-BB6B-00018021113F} = EPSON PhotoQuicker3.5
{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} = MSIDVD
{7299052b-02a4-4627-81f2-1818da5d550d} = Microsoft Visual C++ 2005 Redistributable
{770657D0-A123-3C07-8E44-1C83EC895118} = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
{77DCDCE3-2DED-62F3-8154-05E745472D07} = Acrobat.com
{9EE54C1F-FC99-44D6-916A-0CA2D45E740F} = Digimax Viewer 2.1
{AC76BA86-7AD7-1033-7B44-A93000000001} = Adobe Reader 9.3.4
{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238} = ACDSee 9 Photo Manager
{B93251B5-9209-4DAB-867C-AA98D91584CD} = PowerDesk 6
{C48817E7-AA05-4151-A99D-1E1E550CE801} = EPSON PhotoStarter3.1
{CCD663AE-610D-4BDF-AAB0-E914B044527D} = OpenMG Secure Module 4.7.00
{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7} = SpeedTouch USB Software
{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} = Ad-Aware
{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5} = ScanToWeb
{EF901A4B-A25A-4962-83C6-C6691D062ED9} = Nero Mega Plugin Pack
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} = Realtek High Definition Audio Driver
{F333A33D-125C-32A2-8DCE-5C5D14231E27} = Visual C++ 2008 x86 Runtime - (v9.0.30729)
{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 = Visual C++ 2008 x86 Runtime - v9.0.30729.01
{FC561DD3-E864-41B1-8F48-3EC3DACBDB2D} = Digimax A4
{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4} = EPSON Print CD
abramania - mahjongg = abramania - mahjongg 1.0
Ad-Aware = Ad-Aware
Adobe AIR = Adobe AIR
Adobe Flash Player ActiveX = Adobe Flash Player 10 ActiveX
Any Video Converter_is1 = Any Video Converter 3.0.6
Audacity_is1 = Audacity 1.2.6
com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 = Acrobat.com
Cool Edit 2000 = Cool Edit 2000
Coupon Printer2.0 = Coupon Printer
DVD Flick_is1 = DVD Flick 1.3.0.7
eMusic Promotion = eMusic - 50 Free MP3 offer
EPSON Printer and Utilities = EPSON Printer Software
ERUNT_is1 = ERUNT 1.1j
ESPR300 Reference Guide = ESPR300 Reference Guide
ESPR300 Software Guide = ESPR300 Software Guide
ESPR300 Standalone Guide = ESPR300 Standalone Guide
Free Download Manager_is1 = Free Download Manager 3.0
IDNMitigationAPIs = Microsoft Internationalized Domain Names Mitigation APIs
ie7 = Windows Internet Explorer 7
ie8 = Windows Internet Explorer 8
ImgBurn = ImgBurn
InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D} = OpenMG Secure Module 4.7.00
MahJongg Solitaire 3D = MahJongg Solitaire 3D
Malwarebytes' Anti-Malware_is1 = Malwarebytes' Anti-Malware
MSCompPackV1 = Microsoft Compression Client Pack 1.0 for Windows XP
Nero - Burning Rom!UninstallKey = Nero 6 Ultra Edition
NeroVision!UninstallKey = NeroVision Express 3
NIS = Norton Internet Security
NLSDownlevelMapping = Microsoft National Language Support Downlevel APIs
NVIDIA Drivers = NVIDIA Drivers
Paint Shop Pro 4.15 = Paint Shop Pro 4.15 SE
Quick Zip_is1 = Quick Zip 4.60.018
Rapport_msi = Rapport
RealAlt_is1 = Real Alternative 1.52
Winamp = Winamp (remove only)
Windows Media Format Runtime = Windows Media Format 11 runtime
Windows Media Player = Windows Media Player 11
Windows XP Service Pack = Windows XP Service Pack 3
WinRAR archiver = WinRAR archiver
WMFDist11 = Windows Media Format 11 runtime
wmp11 = Windows Media Player 11
Wudf01000 = Microsoft User-Mode Driver Framework Feature Pack 1.0
Yahoo! Companion = Yahoo! Toolbar
Yahoo! Toolbar = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04/09/2010 03:13:05 | Computer Name = DESK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 04/09/2010 03:13:16 | Computer Name = DESK | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 04/09/2010 03:13:24 | Computer Name = DESK | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 04/09/2010 04:08:38 | Computer Name = DESK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 04/09/2010 14:45:39 | Computer Name = DESK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 04/09/2010 1531 | Computer Name = DESK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 04/09/2010 17:52:23 | Computer Name = DESK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 04/09/2010 20:24:36 | Computer Name = DESK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 05/09/2010 09:48:40 | Computer Name = DESK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 06/09/2010 06:43:46 | Computer Name = DESK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
[ System Events ]
Error - 04/09/2010 18:53:13 | Computer Name = DESK | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0019213EE852 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 04/09/2010 20:24:48 | Computer Name = DESK | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
Error - 05/09/2010 09:48:52 | Computer Name = DESK | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
Error - 05/09/2010 15:44:11 | Computer Name = DESK | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0019213EE852 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 06/09/2010 06:43:58 | Computer Name = DESK | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
Error - 07/09/2010 07:44:17 | Computer Name = DESK | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.2 on
the Network Card with network address 0019213EE852.
Error - 07/09/2010 07:51:16 | Computer Name = DESK | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 07/09/2010 07:51:16 | Computer Name = DESK | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 07/09/2010 07:51:27 | Computer Name = DESK | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
Error - 07/09/2010 09:13:51 | Computer Name = DESK | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{9E8D72C1-D197-4EF3-97F5-7CED84A98802}. The
backup browser is stopping.
< End of report >
Many Many Thanks!
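The "Last 10 Event Log Errors" section above is easier to triage once the records are aggregated rather than read line by line. The following Python is an added example (it is not part of the original post, nor an OTL feature): it parses that section's format, re-joins the wrapped Description lines into one record, groups entries by Source and event ID, and pulls the service name out of Service Control Manager 7031/7034 records, so a service that keeps dying (here the Ad-Aware service, which matches the "full scan will not complete" symptom) shows up as a count with timestamps. The sample input is constructed from the System Events lines in the log above.

```python
"""Parse the 'Last 10 Event Log Errors' section of an OTL log, re-join wrapped
Description lines, and count repeat service crashes (SCM event 7031/7034)."""
import re
from collections import Counter, defaultdict

# One record header: "Error - dd/mm/yyyy hh:mm:ss | Computer Name = X | Source = Y | ID = N"
HEADER_RE = re.compile(
    r'^Error - (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\S+) \| Computer Name = (?P<host>\S+) '
    r'\| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$')
# SCM 7031/7034 description text
CRASH_RE = re.compile(r'^The (?P<service>.+?) service terminated unexpectedly')

# Constructed sample: System Events records copied from the OTL log above.
SAMPLE = """\
[ System Events ]
Error - 04/09/2010 18:53:13 | Computer Name = DESK | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 0019213EE852 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).
Error - 04/09/2010 20:24:48 | Computer Name = DESK | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
Error - 05/09/2010 09:48:52 | Computer Name = DESK | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
Error - 07/09/2010 07:51:16 | Computer Name = DESK | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 07/09/2010 07:51:27 | Computer Name = DESK | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.
"""


def parse_events(text):
    """Return one dict per record; wrapped Description lines are joined into one string."""
    events = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            ev = m.groupdict()
            ev['id'] = int(ev['id'])
            ev['description'] = ''
            events.append(ev)
        elif events and line.startswith('Description ='):
            events[-1]['description'] = line[len('Description ='):].strip()
        elif events and line.strip() and not line.startswith('['):
            # continuation of a wrapped Description
            events[-1]['description'] += ' ' + line.strip()
    return events


def service_crashes(events):
    """Map service name -> timestamps of SCM 7031/7034 'terminated unexpectedly' records."""
    crashes = defaultdict(list)
    for ev in events:
        if ev['source'] == 'Service Control Manager' and ev['id'] in (7031, 7034):
            m = CRASH_RE.match(ev['description'])
            if m:
                crashes[m.group('service')].append(f"{ev['date']} {ev['time']}")
    return dict(crashes)


def summarize(events):
    """Count records per (Source, event ID) pair."""
    return Counter((ev['source'], ev['id']) for ev in events)


if __name__ == '__main__':
    evs = parse_events(SAMPLE)
    for (source, eid), n in summarize(evs).most_common():
        print(f'{n:2d}x  {source} / {eid}')
    for service, when in service_crashes(evs).items():
        print(f'{service}: crashed {len(when)} time(s) at {", ".join(when)}')
```

Run as-is it reports three crashes of the Ad-Aware service and one of Java Quick Starter; point `parse_events` at the full section of a real log to get the same breakdown for all ten records.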
Welcome aboard
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Hi Broni,
Thanks for such a quick reply. This site is simply awesome. As requested please find the ComboFix.txt log.
You folks are so kind, I really appreciate it.
ComboFix 10-09-07.01 - Nick 08/09/2010 9:58.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3518.2798 [GMT 1:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.
2010-09-07 12:15 . 2010-09-07 12:15 -------- d-----w- c:\program files\ERUNT
2010-09-06 08:25 . 2010-09-06 08:25 353512 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\19514\RapportMS.dll
2010-09-06 08:25 . 2010-09-06 08:25 12544 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys
2010-09-04 23:03 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-04 21:52 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-04 21:52 . 2010-09-04 21:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-04 21:52 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-26 11:11 . 2010-08-26 11:11 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Sunbelt Software
2010-08-11 19:01 . 2010-08-11 19:01 -------- d-----w- c:\documents and settings\Nick\Application Data\Trusteer
2010-08-11 19:01 . 2010-08-11 19:01 -------- d-----w- c:\program files\Trusteer
2010-08-11 18:59 . 2010-08-11 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2010-08-11 10:33 . 2010-08-11 10:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 09:03 . 2009-09-25 15:27 -------- d-----w- c:\documents and settings\Nick\Application Data\Free Download Manager
2010-09-07 12:21 . 2010-09-07 12:21 -------- d-----w- c:\documents and settings\Nick\Application Data\Malwarebytes
2010-09-07 12:21 . 2010-09-07 12:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 12:21 . 2010-09-07 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-04 21:51 . 2007-07-08 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-04 21:51 . 2007-05-12 11:13 -------- d-----w- c:\program files\Lavasoft
2010-09-03 10:43 . 2009-04-17 16:20 -------- d-----w- c:\documents and settings\Nick\Application Data\DVD Flick
2010-08-12 06:42 . 2010-02-19 09:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-05 18:29 . 2010-08-05 18:29 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\18481\RapportMS.dll
2010-08-05 18:29 . 2010-08-05 18:29 468200 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus.dll
2010-08-05 18:29 . 2010-08-05 18:29 34536 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys
2010-08-05 18:19 . 2010-08-05 18:19 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-08-05 10:00 . 2007-06-17 18:31 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 10:00 . 2007-06-17 18:34 -------- d-----w- c:\program files\Java
2010-08-05 09:43 . 2010-08-05 09:43 503808 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5863157c-n\msvcp71.dll
2010-08-05 09:43 . 2010-08-05 09:43 499712 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5863157c-n\jmc.dll
2010-08-05 09:43 . 2010-08-05 09:43 348160 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5863157c-n\msvcr71.dll
2010-08-05 09:43 . 2010-08-05 09:43 61440 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-37984eb0-n\decora-sse.dll
2010-08-05 09:43 . 2010-08-05 09:43 12800 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-37984eb0-n\decora-d3d.dll
2010-07-17 04:00 . 2010-05-04 09:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-04-13 18:03 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2007-07-08 12:53 . 2007-07-08 12:49 18164640 ----a-w- c:\program files\aaw2007.exe
2007-07-07 17:29 . 2007-07-07 17:26 8429056 ----a-w- c:\program files\Nero.Mega.Plugin.Pack.msi
2007-04-29 20:13 . 2007-04-29 20:13 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2007-04-29 14:36 . 2007-04-29 14:36 15505200 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-11 68856]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"gcNotifier"="c:\documents and settings\Nick\Local Settings\Application Data\VTShared\GCNotifier.exe" [2008-04-10 176128]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\Nick\Start Menu\Programs\Startup\
Dialog Helper.lnk - c:\program files\VCOM\PowerDesk\pddlghlp.exe [2005-10-4 40960]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Seagate 2GHJV16D Product Registration.lnk - c:\documents and settings\Nick\Application Data\Leadertech\PowerRegister\Seagate 2GHJV16D Product Registration.exe [2009-9-18 1731736]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digimax Viewer 2.1.lnk - c:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2007-5-28 634880]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [04/09/2010 22:52 64288]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [05/08/2010 19:19 58984]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [02/06/2010 13:19 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [02/06/2010 13:19 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [19/08/2010 08:39 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [02/06/2010 13:19 501888]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys [05/08/2010 19:29 34536]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [05/08/2010 19:19 168936]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [02/06/2010 13:19 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [02/06/2010 13:19 126392]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [05/08/2010 19:19 763112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [02/06/2010 13:13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100906.001\IDSXpx86.sys [07/09/2010 12:46 331640]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 13:15 1355928]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PXTDAPOC
*Deregistered* - Lavasoft Kernexplorer
*Deregistered* - pxtdapoc
.
Contents of the 'Scheduled Tasks' folder
2010-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 22:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-08 10:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(15552)
c:\windows\system32\WININET.dll
c:\program files\VCOM\PowerDesk\pddlghlp.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-08 10:06:40
ComboFix-quarantined-files.txt 2010-09-08 09:06
Pre-Run: 31,731,490,816 bytes free
Post-Run: 32,362,242,048 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 608E96E37134560AD70BF7E196CE248A
So far, it looks pretty good
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
3. Save the above as CFScript.txt
4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
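The CFScript in the post above deletes four values that tell Windows Security Center to stop watching the antivirus and firewall state: AntiVirusOverride=1 suppresses the "no antivirus" warning, and DisableMonitoring=1 switches off status monitoring for the product in question. Those values are what a practitioner should look for in any ComboFix "Reg Loading Points" dump, and the fix is mechanical. The following Python is an added example, not part of this thread or of ComboFix: it parses the REGEDIT4-style dump, flags the Security Center overrides and a disabled Windows Firewall, and generates the same Registry:: script the helper wrote by hand. The sample log is constructed from the first ComboFix.txt above (with the spaces the forum inserted into long strings removed); the Finding class and the note texts are this example's own. EnableFirewall=0 is reported but deliberately not scripted away, since Norton Internet Security is the active firewall on this machine and Windows Firewall being off is then expected, which is also why the helper's script left it alone.

```python
"""Audit the 'Reg Loading Points' section of a ComboFix log for Windows
Security Center tampering and emit the Registry:: script that undoes it."""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r'^\[(.+)\]\s*$')             # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "Name"=value

# Constructed sample: the relevant lines of the first ComboFix.txt in this
# thread, with the spaces the forum inserted into long strings removed.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"""


@dataclass
class Finding:          # example's own type, not a ComboFix structure
    key: str
    name: str
    value: int
    note: str
    remove: bool        # True -> include in the Registry:: fix script


def parse_reg_dump(text):
    """Yield (key, name, raw_value) for every value line under a [key] header."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2).strip()


def parse_int(raw):
    """ComboFix prints DWORDs as 'dword:00000001' or '0 (0x0)'; return int or None."""
    if raw.lower().startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'^(\d+)', raw)
    return int(m.group(1)) if m else None


def audit_security_center(text):
    """Flag values that silence Security Center or switch off the XP firewall."""
    findings = []
    for key, name, raw in parse_reg_dump(text):
        k, n, val = key.lower(), name.lower(), parse_int(raw)
        if k.endswith(r'\security center') and n == 'antivirusoverride' and val == 1:
            findings.append(Finding(key, name, val,
                            'Security Center told to ignore the AV state', True))
        elif r'\security center\monitoring' in k and n == 'disablemonitoring' and val == 1:
            findings.append(Finding(key, name, val,
                            'Security Center status monitoring disabled', True))
        elif k.endswith(r'firewallpolicy\standardprofile') and n == 'enablefirewall' and val == 0:
            # Informational only: NIS is the active firewall on this box, so
            # Windows Firewall being off is expected and is not scripted away.
            findings.append(Finding(key, name, val,
                            'Windows Firewall off (expected when NIS manages the firewall)', False))
    return findings


def build_cfscript(findings):
    """Emit a ComboFix Registry:: block; a '"Name"=-' line deletes that value."""
    lines = ['Registry::']
    for f in findings:
        if f.remove:
            lines.append(f'[{f.key}]')
            lines.append(f'"{f.name}"=-')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    found = audit_security_center(SAMPLE_LOG)
    for f in found:
        print(f'{"FIX " if f.remove else "INFO"} {f.key} -> {f.name}={f.value}: {f.note}')
    print(build_cfscript(found))
```

The generated block is byte-for-byte the CFScript posted above; save it as CFScript.txt and use it exactly as the instructions describe. After the script has run, re-check the new ComboFix.txt with the same function: a clean log yields no FIX lines, which is what the second log in this thread shows.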
Hi Broni,
Thanks once again, please find enclosed the required log as requested.
ComboFix 10-09-08.01 - Nick 09/09/2010 9:22.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3518.2686 [GMT 1:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nick\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.
2010-09-07 12:21 . 2010-09-07 12:21 -------- d-----w- c:\documents and settings\Nick\Application Data\Malwarebytes
2010-09-07 12:21 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 12:21 . 2010-09-07 12:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 12:21 . 2010-09-07 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-07 12:21 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 12:15 . 2010-09-07 12:15 -------- d-----w- c:\program files\ERUNT
2010-09-06 08:25 . 2010-09-06 08:25 353512 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\19514\RapportMS.dll
2010-09-06 08:25 . 2010-09-06 08:25 12544 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\19514\RapportIaso.sys
2010-09-04 23:03 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-04 21:52 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-04 21:52 . 2010-09-04 21:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-04 21:52 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-26 11:11 . 2010-08-26 11:11 -------- d-----w- c:\documents and settings\Nick\Local Settings\Application Data\Sunbelt Software
2010-08-11 19:01 . 2010-08-11 19:01 -------- d-----w- c:\documents and settings\Nick\Application Data\Trusteer
2010-08-11 19:01 . 2010-08-11 19:01 -------- d-----w- c:\program files\Trusteer
2010-08-11 18:59 . 2010-08-11 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
2010-08-11 10:33 . 2010-08-11 10:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 08:18 . 2009-09-25 15:27 -------- d-----w- c:\documents and settings\Nick\Application Data\Free Download Manager
2010-09-09 07:49 . 2010-02-19 09:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-04 21:51 . 2007-07-08 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-09-04 21:51 . 2007-05-12 11:13 -------- d-----w- c:\program files\Lavasoft
2010-09-03 10:43 . 2009-04-17 16:20 -------- d-----w- c:\documents and settings\Nick\Application Data\DVD Flick
2010-08-05 18:29 . 2010-08-05 18:29 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\18481\RapportMS.dll
2010-08-05 18:29 . 2010-08-05 18:29 468200 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus.dll
2010-08-05 18:29 . 2010-08-05 18:29 34536 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys
2010-08-05 18:19 . 2010-08-05 18:19 58984 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-08-05 10:00 . 2007-06-17 18:31 -------- d-----w- c:\program files\Common Files\Java
2010-08-05 10:00 . 2007-06-17 18:34 -------- d-----w- c:\program files\Java
2010-08-05 09:43 . 2010-08-05 09:43 503808 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5863157c-n\msvcp71.dll
2010-08-05 09:43 . 2010-08-05 09:43 499712 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5863157c-n\jmc.dll
2010-08-05 09:43 . 2010-08-05 09:43 348160 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5863157c-n\msvcr71.dll
2010-08-05 09:43 . 2010-08-05 09:43 61440 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-37984eb0-n\decora-sse.dll
2010-08-05 09:43 . 2010-08-05 09:43 12800 ----a-w- c:\documents and settings\Nick\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-37984eb0-n\decora-d3d.dll
2010-07-17 04:00 . 2010-05-04 09:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-04-13 18:03 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2007-07-08 12:53 . 2007-07-08 12:49 18164640 ----a-w- c:\program files\aaw2007.exe
2007-07-07 17:29 . 2007-07-07 17:26 8429056 ----a-w- c:\program files\Nero.Mega.Plugin.Pack.msi
2007-04-29 20:13 . 2007-04-29 20:13 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2007-04-29 14:36 . 2007-04-29 14:36 15505200 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-09-08_09.04.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-08 09:12 . 2010-09-08 09:12 16384 c:\windows\Temp\Perflib_Perfdata_d4.dat
+ 2010-09-08 09:10 . 2010-09-08 09:10 16384 c:\windows\Temp\Perflib_Perfdata_a8.dat
+ 2010-09-08 09:11 . 2010-09-08 09:11 303104 c:\windows\ERDNT\AutoBackup\08-09-2010\Users\00000002\UsrClass.dat
+ 2010-09-08 09:11 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\08-09-2010\ERDNT.EXE
+ 2010-09-08 09:11 . 2010-09-08 09:11 8450048 c:\windows\ERDNT\AutoBackup\08-09-2010\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-11 68856]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-16 7630848]
"nwiz"="nwiz.exe" [2006-08-16 1617920]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-16 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"gcNotifier"="c:\documents and settings\Nick\Local Settings\Application Data\VTShared\GCNotifier.exe" [2008-04-10 176128]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\Nick\Start Menu\Programs\Startup\
Dialog Helper.lnk - c:\program files\VCOM\PowerDesk\pddlghlp.exe [2005-10-4 40960]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Seagate 2GHJV16D Product Registration.lnk - c:\documents and settings\Nick\Application Data\Leadertech\PowerRegister\Seagate 2GHJV16D Product Registration.exe [2009-9-18 1731736]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digimax Viewer 2.1.lnk - c:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2007-5-28 634880]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Media Player Classic\\mplayerc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [04/09/2010 22:52 64288]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [05/08/2010 19:19 58984]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [02/06/2010 13:19 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [02/06/2010 13:19 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [19/08/2010 08:39 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [02/06/2010 13:19 501888]
R1 RapportCerberus_18130;RapportCerberus_18130;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys [05/08/2010 19:29 34536]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [05/08/2010 19:19 168936]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [02/06/2010 13:19 116784]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [02/06/2010 13:19 126392]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [05/08/2010 19:19 763112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [02/06/2010 13:13 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100908.001\IDSXpx86.sys [09/09/2010 08:52 331640]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/08/2010 13:15 1355928]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 13:15 15008]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder
2010-09-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 22:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-09 09:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(27216)
c:\windows\system32\WININET.dll
c:\program files\VCOM\PowerDesk\pddlghlp.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-09 09:29:54
ComboFix-quarantined-files.txt 2010-09-09 08:29
ComboFix2.txt 2010-09-09 08:19
ComboFix3.txt 2010-09-08 09:06
Pre-Run: 32,313,446,400 bytes free
Post-Run: 32,289,349,632 bytes free
- - End Of File - - C0670641EDBC2660F6F45D871E01C9B3
Thanks Broni!
Looks good
Please, re-run OTL "Quick scan" and post new log.
Hi Broni,
Thanks once again for your help!
Please find below the OTL logs. I ran it as a custom scan as originally requested and just an ordinary quick scan as I was not sure which to do. I hope that's ok. Once again I will post in two posts as my internet connection is not quick enough to post!
The results of the custom scan are below, thank you.
CUSTOM SCAN
OTL logfile created on: 10/09/2010 13:57:03 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format:
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 77.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 30.06 Gb Free Space | 12.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DESK
Current User Name: Nick
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/07 14:54:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
PRC - [2010/09/04 23:54:01 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/09/04 23:53:58 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/08/05 19:19:20 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/08/05 19:19:18 | 000,763,112 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/02/26 0150 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/01/31 03:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 23:11:50 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/14 23:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2005/12/21 20:23:58 | 000,278,528 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2005/10/04 13:16:46 | 000,040,960 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
PRC - [2004/08/20 13:58:24 | 000,634,880 | ---- | M] (STOIK Imaging (Photo and Video editor, converter, media browser, morphing, noise reduction, red eye remove, photo panorama creation, cross stitch pattern, pain by number software - STOIK Imaging)) -- C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
PRC - [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
========== Modules (SafeList) ==========
MOD - [2010/09/07 14:54:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
MOD - [2010/08/05 19:19:26 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/05/14 06:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/04/14 01:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/10/04 13:16:30 | 000,081,920 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/09/04 23:53:58 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/05 19:19:18 | 000,763,112 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/02/26 0150 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2006/12/14 0220 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Nick\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 13:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/08/10 02:11:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/08/05 19:29:22 | 000,034,536 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys -- (RapportCerberus_18130)
DRV - [2010/08/05 19:19:28 | 000,168,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/08/05 19:19:28 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/07/14 02:00:43 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100909.049\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 02:00:43 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100909.049\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/02 13:13:45 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/02 13:13:45 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 20:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100909.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/06 05:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/28 18:45:55 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/08/30 01:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/04/13 15:37:01 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2008/04/13 1949 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/16 08:35:00 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/11 14:38:30 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 14:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/28 10:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/14 04:04:12 | 004,299,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/06/02 13:25:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/02/28 19:05:48 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [gcNotifier] C:\Documents and Settings\Nick\Local Settings\Application Data\VTShared\gcnotifier.exe (Golden Casino)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe (STOIK Imaging (Photo and Video editor, converter, media browser, morphing, noise reduction, red eye remove, photo panorama creation, cross stitch pattern, pain by number software - STOIK Imaging))
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe (Avanquest Publishing USA, Inc.)
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Seagate 2GHJV16D Product Registration.lnk = C:\Documents and Settings\Nick\Application Data\Leadertech\PowerRegister\Seagate 2GHJV16D Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1229547600890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/13 19:05:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.JPEG - C:\WINDOWS\System32\JPEGCODE.DLL ()
Drivers32: VIDC.MPEG - C:\WINDOWS\System32\JPEGCODE.DLL ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)
========== Files/Folders - Created Within 90 Days ==========
[2010/09/08 09:57:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/08 09:54:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/08 09:54:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/08 09:54:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/08 09:54:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/08 09:54:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/07 15:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\Spyware Sep 2010
[2010/09/07 14:54:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2010/09/07 1335 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Malwarebytes
[2010/09/07 1325 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/07 1324 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/07 1324 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/07 1324 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/07 13:19:14 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nick\Desktop\mbam-setup.exe
[2010/09/07 13:15:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/07 13:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/07 13:14:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
[2010/09/07 12:49:57 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\TFC.exe
[2010/09/04 22:52:33 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/09/04 22:52:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/26 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Sunbelt Software
[2010/08/11 20:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Trusteer
[2010/08/11 20:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/08/11 19:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/08/05 19:19:28 | 000,058,984 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/07/03 17:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\Any Video Converter
[2010/07/03 17:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\AnvSoft
[2010/07/03 17:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/06/29 14:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\FINANCES 2009 - 2010
[2010/06/18 14:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVD FlickCurrent
[2007/04/29 21:13:23 | 025,755,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2007/04/29 15:36:39 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
========== Files - Modified Within 90 Days ==========
[2010/09/09 09:38:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/09 09:35:18 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/09 09:35:14 | 000,013,746 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/09 09:34:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/09 09:34:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/09 09:34:51 | 3689,402,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/09 09:33:59 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Nick\NTUSER.DAT
[2010/09/09 09:33:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nick\ntuser.ini
[2010/09/09 09:27:58 | 000,000,252 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/09 09:08:51 | 003,840,723 | R--- | M] () -- C:\Documents and Settings\Nick\Desktop\ComboFix.exe
[2010/09/09 08:49:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/08 10:07:15 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Microsoft Excel.lnk
[2010/09/08 09:57:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/07 14:54:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2010/09/07 14:51:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
[2010/09/07 13:44:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\h16nlzss.exe
[2010/09/07 13:41:59 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\download.php
[2010/09/07 1328 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 13:20:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nick\Desktop\mbam-setup.exe
[2010/09/07 13:15:26 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/07 13:15:23 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
[2010/09/07 13:15:23 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
[2010/09/07 13:14:53 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
[2010/09/07 12:50:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\TFC.exe
[2010/09/04 22:52:11 | 000,000,922 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/04 22:52:11 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/03 10:00:07 | 000,001,360 | ---- | M] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Seagate 2GHJV16D Product Registration.lnk
[2010/08/23 17:29:53 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/12 13:15:20 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/11 11:32:37 | 000,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 11:25:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 13:38:16 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/10 11:30:27 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 9 Photo Manager.lnk
[2010/08/10 11:22:26 | 000,000,739 | ---- | M] () -- C:\WINDOWS\STImgBrowser.INI
[2010/08/05 19:19:28 | 000,058,984 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/07/29 13:10:37 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/18 19:02:43 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Beatles Tracks.xls
[2010/07/13 14:46:44 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 6.0.lnk
[2010/07/03 17:45:35 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Any Video Converter.lnk
[2010/07/03 17:06:55 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\AT EASE Password 25.01.2010.xls
[2010/07/03 14:54:13 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Worcester Warriors Fixture List 2010 - 2011.xls
[2010/07/03 14:15:36 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Fixture List 2010 - 2011.xls
[2010/07/01 15:05:18 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - NEW MASTER.xls
[2010/07/01 15:01:24 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - RIGHTS ISSUES - NEW SAVINGS UPDATE.xls
[2010/06/29 15:15:41 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\London 2010 Things To Do.xls
[2010/06/29 14:05:49 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES 177 - 24 . JULY . 2009 - NEW SAVINGS UPDATE.xls
[2010/06/29 14:03:45 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 31st DECEMBER 2009 - NEW SAVINGS UPDATE.xls
[2010/06/25 10:02:28 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Tesco Clubcard 26.June.2010.xls
[2010/06/18 14:36:28 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\DVD Flick.lnk
[2010/06/13 23:39:38 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\muse bologna.xls
========== Files Created - No Company Name ==========
[2010/09/08 09:57:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/08 09:57:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/08 09:54:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/08 09:54:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/08 09:54:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/08 09:54:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/08 09:54:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/08 09:09:26 | 003,840,723 | R--- | C] () -- C:\Documents and Settings\Nick\Desktop\ComboFix.exe
[2010/09/07 14:51:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
[2010/09/07 13:44:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\h16nlzss.exe
[2010/09/07 13:39:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\download.php
[2010/09/07 1328 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 13:15:26 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/07 13:15:23 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
[2010/09/07 13:15:23 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
[2010/09/05 00:03:54 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/09/04 22:52:11 | 000,000,922 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/04 22:52:11 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/18 19:02:39 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Beatles Tracks.xls
[2010/07/14 15:52:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/03 17:45:35 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Any Video Converter.lnk
[2010/07/03 17:06:53 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\AT EASE Password 25.01.2010.xls
[2010/07/03 14:39:47 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Worcester Warriors Fixture List 2010 - 2011.xls
[2010/07/01 15:01:39 | 000,137,728 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - NEW MASTER.xls
[2010/07/01 15:01:21 | 000,137,728 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - RIGHTS ISSUES - NEW SAVINGS UPDATE.xls
[2010/06/29 15:13:48 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\London 2010 Things To Do.xls
[2010/06/25 10:02:28 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Tesco Clubcard 26.June.2010.xls
[2010/06/24 16:47:37 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Fixture List 2010 - 2011.xls
[2010/06/18 14:36:28 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\DVD Flick.lnk
[2010/06/13 23:39:38 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\muse bologna.xls
[2010/04/07 11:44:56 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2009/11/20 13:18:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\FixVTS.ini
[2008/10/28 21:00:43 | 000,002,232 | ---- | C] () -- C:\WINDOWS\coolmp3.ini
[2008/10/28 21:00:42 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini
[2008/10/28 21:00:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2008/10/28 21:00:09 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2008/10/28 20:58:56 | 000,006,413 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2008/07/04 16:01:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/05 22:09:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2007/07/08 13:49:23 | 018,164,640 | ---- | C] () -- C:\Program Files\aaw2007.exe
[2007/07/07 18:26:59 | 008,429,056 | ---- | C] () -- C:\Program Files\Nero.Mega.Plugin.Pack.msi
[2007/06/10 11:34:29 | 000,001,865 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\QuickZip45.ini
[2007/05/28 14:57:11 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/28 14:31:46 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2007/05/28 14:16:17 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL
[2007/05/14 18:17:39 | 000,000,848 | --S- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/29 14:22:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/28 22:40:42 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\FASTWiz.html
[2007/04/28 22:39:38 | 000,030,374 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\FASTWiz.log
[2007/04/28 22:28:18 | 000,000,381 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI
[2007/04/28 22:25:55 | 000,000,266 | ---- | C] () -- C:\WINDOWS\TEXTWARE.INI
[2007/04/28 21:41:36 | 000,000,024 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2007/04/28 21:30:54 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/04/28 20:50:06 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2007/04/13 20:36:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/16 08:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/16 08:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/16 08:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/16 08:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 08:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/16 08:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/16 08:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/20 22:01:06 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
========== LOP Check ==========
[2007/04/28 21:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/09/25 16:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2009/02/28 1044 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/04/13 20:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/08/11 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/04/28 21:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/09/04 22:52:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2007/05/01 10:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\ACD Systems
[2010/07/03 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\AnvSoft
[2010/09/10 13:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Free Download Manager
[2009/01/09 1651 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\ImgBurn
[2009/09/18 10:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Leadertech
[2010/08/11 20:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Trusteer
[2007/04/28 22:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\VCOM
[2008/07/22 13:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\VTExtra
[2010/09/09 09:38:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/01/15 17:34:48 | 000,034,816 | ---- | M] () -- C:\2010_calendar_vertical.doc
[2010/09/09 09:34:50 | 000,043,848 | ---- | M] () -- C:\aaw7boot.log
[2007/04/13 19:05:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/09 20:35:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/09/08 09:57:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/09 09:29:55 | 000,014,992 | ---- | M] () -- C:\ComboFix.txt
[2007/04/13 19:05:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/12/29 06:57:36 | 000,017,505 | R--- | M] () -- C:\DBI.EXE
[2009/09/17 15:24:50 | 006,709,566 | ---- | M] (FreeDownloadManager.ORG ) -- C:\fdminst3.exe
[2010/09/09 09:34:51 | 3689,402,368 | -HS- | M] () -- C:\hiberfil.sys
[2007/04/13 19:05:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/07 16:30:28 | 399,441,919 | ---- | M] () -- C:\LOGICAL VOLUME IDENTIFIER.ISO
[2007/04/13 19:05:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/17 11:03:32 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/09 09:34:50 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2007/05/12 20:26:26 | 000,328,838 | ---- | M] () -- C:\Picture 043a.jpg
[2007/05/12 20:28:12 | 000,255,780 | ---- | M] () -- C:\Picture 102a.jpg
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2007/04/13 19:05:31 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2007/07/08 13:53:48 | 018,164,640 | ---- | M] () -- C:\Program Files\aaw2007.exe
[2007/04/29 15:36:46 | 015,505,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2007/07/07 18:29:56 | 008,429,056 | ---- | M] () -- C:\Program Files\Nero.Mega.Plugin.Pack.msi
[2007/04/29 21:13:27 | 025,755,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/06/11 20:54:36 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/11 20:54:36 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/11 20:54:36 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/07/17 11:12:06 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/04/13 20:03:37 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/11/28 12:29:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2006/01/04 15:05:26 | 002,855,080 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\aawsepersonal.exe
[2009/01/22 11:49:20 | 034,543,112 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Nick\Desktop\Ad-AwareAE.exe
[2005/12/29 15:04:40 | 000,970,049 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\arb_setup.exe
[2008/08/05 13:31:51 | 002,228,534 | ---- | M] ( ) -- C:\Documents and Settings\Nick\Desktop\audacity-win-1.2.6.exe
[2010/09/09 09:08:51 | 003,840,723 | R--- | M] () -- C:\Documents and Settings\Nick\Desktop\ComboFix.exe
[2009/09/18 12:53:29 | 000,165,006 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ContextMenu.exe
[2009/05/04 09:41:22 | 000,223,368 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\CrucialUKScan.exe
[2009/10/22 10:37:50 | 007,371,062 | ---- | M] ( ) -- C:\Documents and Settings\Nick\Desktop\dvdflick_setup_1.2.2.1.exe
[2009/04/17 17:18:41 | 012,775,295 | ---- | M] (Dennis Meuwissen ) -- C:\Documents and Settings\Nick\Desktop\dvdflick_setup_1.3.0.6.exe
[2010/09/07 13:14:53 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
[2009/09/25 16:26:29 | 006,712,700 | ---- | M] (FreeDownloadManager.ORG ) -- C:\Documents and Settings\Nick\Desktop\fdminst3.exe
[2007/01/15 10:36:30 | 000,118,784 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\FixVTS.exe
[2010/09/07 13:44:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\h16nlzss.exe
[2010/09/07 13:20:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nick\Desktop\mbam-setup.exe
[2010/09/07 14:51:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
[2005/12/02 09:38:32 | 012,754,672 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Nick\Desktop\MP10Setup.exe
[2010/09/07 14:54:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2006/01/20 17:50:20 | 006,717,292 | ---- | M] (KL ) -- C:\Documents and Settings\Nick\Desktop\realalt146.exe
[2007/05/01 10:32:17 | 006,448,349 | ---- | M] ( ) -- C:\Documents and Settings\Nick\Desktop\realalt152.exe
[2010/09/07 12:50:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\TFC.exe
[2009/08/05 17:14:50 | 025,740,144 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Nick\Desktop\wmp11-windowsxp-x86-enu.exe
[2009/09/18 18:09:20 | 001,374,154 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\wrar390.exe
[2006/01/02 17:43:46 | 001,938,496 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\XoftSpy421_139.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
[2007/05/12 12:11:47 | 004,850,920 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\aawsepersonal.exe
[2008/05/05 16:04:05 | 108,667,992 | ---- | M] (Maxtor) -- C:\Documents and Settings\Nick\My Documents\MaxBlastSetup.en.exe
[2007/06/10 11:28:57 | 001,207,026 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\wrar370.exe
< %USERPROFILE%\*.exe >
[2009/01/09 15:10:16 | 001,971,378 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Nick\SetupImgBurn_2.4.2.0.exe
< %systemroot%\ADDINS\*.* >
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2007/04/13 20:03:37 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Nick\Favorites\Desktop.ini
[2003/06/07 13:27:34 | 000,000,624 | ---- | M] () -- C:\Documents and Settings\Nick\Favorites\Shortcut to Favorites.lnk
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/10 13:55:08 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Nick\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
[2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 15:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 19:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 19:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 19:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
[1997/07/31 13:28:46 | 000,007,437 | ---- | M] () -- C:\WINDOWS\system\TWADST10.EXE
[1997/08/04 16:15:18 | 000,019,456 | ---- | M] (TEXTware A/S) -- C:\WINDOWS\system\TWAVER32.EXE
[2002/08/14 15:03:38 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
Thanks!
Hello!
Here is the OTL Quick Scan.
Thank you!
OTL logfile created on: 10/09/2010 14:08:21 - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Nick\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format:
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 30.03 Gb Free Space | 12.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DESK
Current User Name: Nick
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/07 14:54:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
PRC - [2010/09/04 23:54:01 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/09/04 23:53:58 | 001,355,928 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/08/05 19:19:20 | 001,266,920 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/08/05 19:19:18 | 000,763,112 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/02/26 0150 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/01/31 03:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/11 23:11:50 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/05/14 23:22:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2005/12/21 20:23:58 | 000,278,528 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
PRC - [2005/10/04 13:16:46 | 000,040,960 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
PRC - [2004/08/20 13:58:24 | 000,634,880 | ---- | M] (STOIK Imaging (Photo and Video editor, converter, media browser, morphing, noise reduction, red eye remove, photo panorama creation, cross stitch pattern, pain by number software - STOIK Imaging)) -- C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
PRC - [2004/01/26 11:38:38 | 000,866,816 | ---- | M] (THOMSON Telecom Belgium) -- C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
========== Modules (SafeList) ==========
MOD - [2010/09/07 14:54:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
MOD - [2010/08/05 19:19:26 | 000,431,336 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2010/05/14 06:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/04/14 01:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/10/04 13:16:30 | 000,081,920 | ---- | M] (Avanquest Publishing USA, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/09/04 23:53:58 | 001,355,928 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/05 19:19:18 | 000,763,112 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/02/26 0150 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2006/12/14 0220 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Nick\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/12 13:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/08/10 02:11:05 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/08/05 19:29:22 | 000,034,536 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\18130\RapportCerberus_18130.sys -- (RapportCerberus_18130)
DRV - [2010/08/05 19:19:28 | 000,168,936 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/08/05 19:19:28 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2010/07/14 02:00:43 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100909.049\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 02:00:43 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100909.049\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/02 13:13:45 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/02 13:13:45 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 20:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100909.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/06 05:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 06:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 04:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 03:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 03:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/28 18:45:55 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/26 01:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/08/30 01:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/04/13 15:37:01 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2008/04/13 1949 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/16 08:35:00 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/11 14:38:30 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 14:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/28 10:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/06/14 04:04:12 | 004,299,264 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/06/02 13:25:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/02/28 19:05:48 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [gcNotifier] C:\Documents and Settings\Nick\Local Settings\Application Data\VTShared\gcnotifier.exe (Golden Casino)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe (THOMSON Telecom Belgium)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digimax Viewer 2.1.lnk = C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe (STOIK Imaging (Photo and Video editor, converter, media browser, morphing, noise reduction, red eye remove, photo panorama creation, cross stitch pattern, pain by number software - STOIK Imaging))
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe (Avanquest Publishing USA, Inc.)
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Seagate 2GHJV16D Product Registration.lnk = C:\Documents and Settings\Nick\Application Data\Leadertech\PowerRegister\Seagate 2GHJV16D Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsof...?1229547600890 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/13 19:05:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 90 Days ==========
[2010/09/08 09:57:35 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/08 09:54:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/08 09:54:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/08 09:54:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/08 09:54:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/08 09:54:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/07 15:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\Spyware Sep 2010
[2010/09/07 14:54:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2010/09/07 1335 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Malwarebytes
[2010/09/07 1325 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/07 1324 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/07 1324 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/07 1324 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/07 13:19:14 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nick\Desktop\mbam-setup.exe
[2010/09/07 13:15:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/07 13:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/07 13:14:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
[2010/09/07 12:49:57 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\TFC.exe
[2010/09/04 22:52:33 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/09/04 22:52:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/26 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Local Settings\Application Data\Sunbelt Software
[2010/08/11 20:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Trusteer
[2010/08/11 20:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/08/11 19:59:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/08/05 19:19:28 | 000,058,984 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/07/03 17:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\Any Video Converter
[2010/07/03 17:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\AnvSoft
[2010/07/03 17:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/06/29 14:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nick\My Documents\FINANCES 2009 - 2010
[2010/06/18 14:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVD FlickCurrent
[2007/04/29 21:13:23 | 025,755,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2007/04/29 15:36:39 | 015,505,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
========== Files - Modified Within 90 Days ==========
[2010/09/09 09:38:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/09 09:35:18 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/09 09:35:14 | 000,013,746 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/09 09:34:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/09 09:34:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/09 09:34:51 | 3689,402,368 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/09 09:33:59 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Nick\NTUSER.DAT
[2010/09/09 09:33:59 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nick\ntuser.ini
[2010/09/09 09:27:58 | 000,000,252 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/09 09:08:51 | 003,840,723 | R--- | M] () -- C:\Documents and Settings\Nick\Desktop\ComboFix.exe
[2010/09/09 08:49:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/08 10:07:15 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Microsoft Excel.lnk
[2010/09/08 09:57:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/07 14:54:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\OTL.exe
[2010/09/07 14:51:34 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
[2010/09/07 13:44:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\h16nlzss.exe
[2010/09/07 13:41:59 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\download.php
[2010/09/07 1328 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 13:20:33 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Nick\Desktop\mbam-setup.exe
[2010/09/07 13:15:26 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/07 13:15:23 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
[2010/09/07 13:15:23 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
[2010/09/07 13:14:53 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Nick\Desktop\erunt-setup.exe
[2010/09/07 12:50:02 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nick\Desktop\TFC.exe
[2010/09/04 22:52:11 | 000,000,922 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/04 22:52:11 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/03 10:00:07 | 000,001,360 | ---- | M] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup\Seagate 2GHJV16D Product Registration.lnk
[2010/08/23 17:29:53 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/12 13:15:20 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/11 11:32:37 | 000,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/11 11:25:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/10 13:38:16 | 000,068,096 | ---- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/10 11:30:27 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 9 Photo Manager.lnk
[2010/08/10 11:22:26 | 000,000,739 | ---- | M] () -- C:\WINDOWS\STImgBrowser.INI
[2010/08/05 19:19:28 | 000,058,984 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2010/07/29 13:10:37 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/18 19:02:43 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Beatles Tracks.xls
[2010/07/13 14:46:44 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ACDSee 6.0.lnk
[2010/07/03 17:45:35 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Any Video Converter.lnk
[2010/07/03 17:06:55 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\AT EASE Password 25.01.2010.xls
[2010/07/03 14:54:13 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Worcester Warriors Fixture List 2010 - 2011.xls
[2010/07/03 14:15:36 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Fixture List 2010 - 2011.xls
[2010/07/01 15:05:18 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - NEW MASTER.xls
[2010/07/01 15:01:24 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - RIGHTS ISSUES - NEW SAVINGS UPDATE.xls
[2010/06/29 15:15:41 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\London 2010 Things To Do.xls
[2010/06/29 14:05:49 | 000,137,216 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES 177 - 24 . JULY . 2009 - NEW SAVINGS UPDATE.xls
[2010/06/29 14:03:45 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 31st DECEMBER 2009 - NEW SAVINGS UPDATE.xls
[2010/06/25 10:02:28 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\Tesco Clubcard 26.June.2010.xls
[2010/06/18 14:36:28 | 000,001,677 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\DVD Flick.lnk
[2010/06/13 23:39:38 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Nick\My Documents\muse bologna.xls
========== Files Created - No Company Name ==========
[2010/09/08 09:57:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/08 09:57:37 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/08 09:54:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/08 09:54:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/08 09:54:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/08 09:54:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/08 09:54:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/08 09:09:26 | 003,840,723 | R--- | C] () -- C:\Documents and Settings\Nick\Desktop\ComboFix.exe
[2010/09/07 14:51:33 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\MBRCheck.exe
[2010/09/07 13:44:51 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\h16nlzss.exe
[2010/09/07 13:39:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\download.php
[2010/09/07 1328 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/07 13:15:26 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Nick\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/07 13:15:23 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
[2010/09/07 13:15:23 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
[2010/09/05 00:03:54 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/09/04 22:52:11 | 000,000,922 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/04 22:52:11 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/07/18 19:02:39 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Beatles Tracks.xls
[2010/07/14 15:52:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/03 17:45:35 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Any Video Converter.lnk
[2010/07/03 17:06:53 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\AT EASE Password 25.01.2010.xls
[2010/07/03 14:39:47 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Worcester Warriors Fixture List 2010 - 2011.xls
[2010/07/01 15:01:39 | 000,137,728 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - NEW MASTER.xls
[2010/07/01 15:01:21 | 000,137,728 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\SHARES - 1st JULY 2010 - RIGHTS ISSUES - NEW SAVINGS UPDATE.xls
[2010/06/29 15:13:48 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\London 2010 Things To Do.xls
[2010/06/25 10:02:28 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Tesco Clubcard 26.June.2010.xls
[2010/06/24 16:47:37 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\Fixture List 2010 - 2011.xls
[2010/06/18 14:36:28 | 000,001,677 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\DVD Flick.lnk
[2010/06/13 23:39:38 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Nick\My Documents\muse bologna.xls
[2010/04/07 11:44:56 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
[2009/11/20 13:18:23 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\FixVTS.ini
[2008/10/28 21:00:43 | 000,002,232 | ---- | C] () -- C:\WINDOWS\coolmp3.ini
[2008/10/28 21:00:42 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini
[2008/10/28 21:00:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI
[2008/10/28 21:00:09 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2008/10/28 20:58:56 | 000,006,413 | ---- | C] () -- C:\WINDOWS\COOL.INI
[2008/07/04 16:01:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/02/05 22:09:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\wordpad.ini
[2007/07/08 13:49:23 | 018,164,640 | ---- | C] () -- C:\Program Files\aaw2007.exe
[2007/07/07 18:26:59 | 008,429,056 | ---- | C] () -- C:\Program Files\Nero.Mega.Plugin.Pack.msi
[2007/06/10 11:34:29 | 000,001,865 | ---- | C] () -- C:\Documents and Settings\Nick\Application Data\QuickZip45.ini
[2007/05/28 14:57:11 | 000,068,096 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/28 14:31:46 | 000,000,739 | ---- | C] () -- C:\WINDOWS\STImgBrowser.INI
[2007/05/28 14:16:17 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\JPEGCODE.DLL
[2007/05/14 18:17:39 | 000,000,848 | --S- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/29 14:22:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/04/28 22:40:42 | 000,001,292 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\FASTWiz.html
[2007/04/28 22:39:38 | 000,030,374 | ---- | C] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\FASTWiz.log
[2007/04/28 22:28:18 | 000,000,381 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI
[2007/04/28 22:25:55 | 000,000,266 | ---- | C] () -- C:\WINDOWS\TEXTWARE.INI
[2007/04/28 21:41:36 | 000,000,024 | ---- | C] () -- C:\WINDOWS\CDER300Euro.ini
[2007/04/28 21:30:54 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2007/04/28 20:50:06 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2007/04/13 20:36:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/16 08:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/16 08:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/16 08:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/16 08:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 08:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/16 08:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/16 08:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2002/03/21 15:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/20 22:01:06 | 000,006,688 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 09:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
========== LOP Check ==========
[2007/04/28 21:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2009/09/25 16:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2009/02/28 1044 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/04/13 20:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/08/11 19:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2007/04/28 21:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/09/04 22:52:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2007/05/01 10:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\ACD Systems
[2010/07/03 17:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\AnvSoft
[2010/09/10 14:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Free Download Manager
[2009/01/09 1651 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\ImgBurn
[2009/09/18 10:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Leadertech
[2010/08/11 20:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Trusteer
[2007/04/28 22:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\VCOM
[2008/07/22 13:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\VTExtra
[2010/09/09 09:38:23 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
< End of report >
Thanks!