Google Redirect [Solved] - Geeks to Go Forums


Google Redirect [Solved]

#1 Cessna 210

  • Group: Member
  • Posts: 13
  • Joined: 18-June 10

Posted 24 June 2010 - 02:59 PM

I've been having problems for a while now with Google being redirected to random sites. In the tab it says "redirect5..." before going to the random site. It also is keeping Symantec from updating because it redirects the LiveUpdate when it runs. More recently I am only able to start the computer in Safe Mode. In Normal Mode it goes to a black screen just before the login screen should appear. I have run Malwarebytes in Safe Mode and it removed about 16 items but I can still only run in Safe Mode. I would really appreciate any help to fix this problem.

#2 BlackOxide

  • Group: Malware Removal
  • Posts: 1,976
  • Joined: 12-December 09

Posted 25 June 2010 - 07:01 AM

Hi, Cessna 210! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • I am currently in training, so my replies will need to be quickly checked before I post them to you, so there may be a small delay in between.
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.


OK, let's start :)

Let's first of all try and get a couple of scans done which will gather some information on what infections you may have on your PC. As you are having trouble accessing Normal Mode, you can run both of these programs in Safe Mode :) You will either need to go into Safe Mode with Networking to have access to the internet to download these programs, or if you have access to another PC you could transfer the programs onto a CD for example and then copy them to the Desktop of your infected PC and then run them from there.

Please follow the steps below...


1)
OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Lop Check and Purity Check boxes.
  • Copy and Paste the following into the Custom Scans/Fixes box at the bottom.

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    intelide.sys
    /md5stop
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav



  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.




2)
GMER Rootkit Scanner
    GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please copy and paste the report into your Post.



3)
If possible, could you just show me the last Malwarebytes' AntiMalware (MBAM) log whereby those approx 16 items were removed. It may give me a better indication of the infections involved here:

  • Open MBAM and click the Logs tab at the top
  • They should be in Date/Time order, please choose the log from the previous run whereby those infections were removed, then click Open.
  • Copy and Paste the log into your next reply



In your next reply
Please post the contents of...
OTL logs (OTL.txt and Extras.txt)
GMER log
Previous MBAM log


:)

#3 Cessna 210

  • Group: Member
  • Posts: 13
  • Joined: 18-June 10

Posted 25 June 2010 - 12:26 PM

Thanks BlackOxide for your quick reply. Here are the OTL logs. I'll do another post with the other 2 logs.

OTL logfile created on: 6/25/2010 12:54:54 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = \\Server\shareddocs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23.93 Gb Total Space | 3.91 Gb Free Space | 16.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 30.04 Gb Total Space | 19.08 Gb Free Space | 63.51% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JULIE
Current User Name: Kieser
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/25 12:42:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- \\Server\shareddocs\OTL.exe
PRC - [2010/06/16 10:04:56 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/16 10:04:53 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/05/09 17:59:02 | 002,240,944 | ---- | M] (Symantec Corporation) -- E:\Programs\Rtvscan.exe
PRC - [2008/05/09 17:07:02 | 001,660,288 | ---- | M] (Symantec Corporation) -- E:\Programs\SmcGui.exe
PRC - [2008/05/09 17:07:00 | 002,479,488 | ---- | M] (Symantec Corporation) -- E:\Programs\Smc.exe
PRC - [2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2010/06/25 12:42:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- \\Server\shareddocs\OTL.exe
MOD - [2008/05/12 00:38:22 | 000,016,776 | ---- | M] (Symantec Corporation) -- E:\Programs\SnacNp.dll
MOD - [2008/04/14 09:42:04 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 09:42:04 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 09:42:04 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 09:42:02 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/14 09:41:54 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 09:41:52 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/14 09:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/14 03:09:26 | 002,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/16 10:04:53 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/05/12 00:38:14 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- E:\Programs\SNAC.EXE -- (SNAC)
SRV - [2008/05/09 17:59:02 | 002,240,944 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Programs\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/05/09 17:07:00 | 002,479,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Programs\Smc.exe -- (SmcService)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/04/24 14:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/06/16 14:43:37 | 000,050,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/06/16 14:41:34 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/16 10:05:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/19 17:56:00 | 000,005,688 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrmCVideo.sys -- (DrmCVideo)
DRV - [2009/11/19 17:55:36 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrmCAudio.sys -- (DrmCAudio)
DRV - [2009/11/18 15:13:02 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/11/09 13:12:42 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2008/05/15 02:00:00 | 000,895,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080515.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/05/15 02:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/05/15 02:00:00 | 000,109,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/05/15 02:00:00 | 000,082,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080515.032\NAVENG.SYS -- (NAVENG)
DRV - [2008/05/09 17:09:58 | 000,091,520 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/05/09 17:08:14 | 000,040,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/04/14 04:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 04:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/03 12:47:32 | 000,031,104 | ---- | M] (Sony) [Video Capture] [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\VRDVC20X.SYS -- (VRDVC20)
DRV - [2008/03/21 19:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/03/21 19:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/03/21 19:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/03/18 17:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/12 15:19:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/02/11 17:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/01/17 18:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/10/30 20:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 20:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/04/18 10:19:29 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/12/06 22:09:58 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/01 20:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/08/18 15:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 21:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 21:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 21:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/13 11:19:22 | 000,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.salembaptistnow.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/06/16 11:54:30 | 000,407,720 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14125 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programs\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] E:\Programs\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [lfqrhqxf] C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\ixwnpxfvw\gimfcvjtssd.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Programs\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programs\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1245951245109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.3
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/18 09:36:40 | 000,000,190 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0e8a85df-fdbf-11dd-bdd9-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0e8a85df-fdbf-11dd-bdd9-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e8a85df-fdbf-11dd-bdd9-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{0e8a85e0-fdbf-11dd-bdd9-00038a000015}\Shell\AutoRun\command - "" = H:\RECYCLER32\dmgr.exe -- File not found
O33 - MountPoints2\{0e8a85e0-fdbf-11dd-bdd9-00038a000015}\Shell\open\command - "" = H:\RECYCLER32\dmgr.exe -- File not found
O33 - MountPoints2\{a1e2cd09-049f-11de-bdde-000b7d20d1f3}\Shell\AutoRun\command - "" = E:\RECYCLER32\dmgr.exe -- [2010/01/16 23:04:04 | 000,072,704 | ---- | M] ()
O33 - MountPoints2\{a1e2cd09-049f-11de-bdde-000b7d20d1f3}\Shell\open\command - "" = E:\RECYCLER32\dmgr.exe -- [2010/01/16 23:04:04 | 000,072,704 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/04/29 21:50:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "MDM"
MsConfig - Services: "hasplms"
MsConfig - Services: "Crypkey License"
MsConfig - StartUpFolder: C:^Documents and Settings^Kieser.JULIE.001^Start Menu^Programs^Startup^ClearPlay Easy Updates.lnk - C:\Program Files\ClearPlay\ClearPlay Easy Updates\ClearPlayEasyUpdates.exe - (ClearPlay Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: Dell Wireless Manager UI - hkey= - key= - File not found
MsConfig - StartUpReg: DellSupport - hkey= - key= - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
MsConfig - StartUpReg: HP Component Manager - hkey= - key= - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: HPDJ Taskbar Utility - hkey= - key= - File not found
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: mmtask - hkey= - key= - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: PRONoMgrWired - hkey= - key= - C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe (Intel® Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - E:\Programs\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SmcService - E:\Programs\Smc.exe (Symantec Corporation)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: Symantec Antivirus - E:\Programs\Rtvscan.exe (Symantec Corporation)
SafeBootNet: Symantec Antvirus - Service
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - Reg Error: Value error.
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - Reg Error: Value error.
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/06/24 16:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/24 16:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/23 14:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\ixwnpxfvw
[2010/06/20 22:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\.SunDownloadManager
[2010/06/20 17:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\GooredFix Backups
[2010/06/18 23:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Malwarebytes
[2010/06/18 23:14:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/18 23:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/18 23:14:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/18 22:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/18 22:53:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\erunt_setup.exe
[2010/06/18 22:38:10 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\TFC.exe
[2010/06/16 15:15:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Recent
[2010/06/16 15:15:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/16 14:42:01 | 000,091,520 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2010/06/16 14:41:10 | 000,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/16 14:41:10 | 000,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/16 11:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/16 00:20:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/16 00:03:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/16 00:03:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/16 00:03:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/16 00:03:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/16 00:03:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/16 00:02:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/12 01:03:40 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/12 01:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/12 01:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/11 16:10:26 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/10 23:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Default Password List_files
[2010/05/31 17:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/31 17:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/31 17:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/31 17:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/10/29 16:12:25 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll

========== Files - Modified Within 30 Days ==========

[2010/06/25 12:53:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/25 12:51:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/25 12:46:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/24 21:57:41 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\NTUSER.DAT
[2010/06/24 21:57:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\ntuser.ini
[2010/06/23 13:50:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/23 13:15:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20050813131557.job
[2010/06/23 12:03:38 | 000,001,870 | -H-- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\My Documents\Default.rdp
[2010/06/23 11:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/22 22:39:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B49B074-6A53-49FB-8F6B-25DC6217B6A0}.job
[2010/06/21 18:34:16 | 000,000,292 | -H-- | M] () -- C:\WINDOWS\tasks\42743e9c.job
[2010/06/21 18:34:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/20 22:41:17 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\jre-6u20-windows-i586-iftw-rv.exe.sdm
[2010/06/18 23:14:18 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/18 22:54:26 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\NTREGOPT.lnk
[2010/06/18 22:54:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ERUNT.lnk
[2010/06/18 22:54:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\erunt_setup.exe
[2010/06/18 22:38:22 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\TFC.exe
[2010/06/16 14:43:37 | 000,050,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WpsHelper.sys
[2010/06/16 14:41:34 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/16 14:41:34 | 000,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/16 14:41:34 | 000,010,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/16 14:41:34 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/16 14:28:49 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/06/16 14:28:48 | 000,000,753 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/16 14:28:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/16 14:22:38 | 000,008,291 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/06/16 11:54:30 | 000,407,720 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/16 11:50:22 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/16 10:07:18 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/16 10:05:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/16 00:40:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100616-115430.backup
[2010/06/16 00:02:00 | 003,712,146 | R--- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ComboFix.exe
[2010/06/15 21:15:31 | 000,000,177 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/12 01:02:43 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/12 01:02:43 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/11 22:21:09 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 17:26:12 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/11 17:11:30 | 000,508,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 17:11:30 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 17:11:30 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/10 23:39:37 | 000,000,411 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Shortcut to vlc.lnk
[2010/06/10 23:02:46 | 000,274,428 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Default Password List.htm
[2010/06/01 12:28:49 | 000,020,768 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Jen.docx
[2010/05/31 17:00:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 16:24:35 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/06/20 22:41:17 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\jre-6u20-windows-i586-iftw-rv.exe.sdm
[2010/06/18 23:14:18 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/18 22:54:26 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\NTREGOPT.lnk
[2010/06/18 22:54:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ERUNT.lnk
[2010/06/16 14:41:10 | 000,010,563 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/16 14:41:10 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/16 11:50:22 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/16 11:28:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/16 00:21:04 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/06/16 00:20:47 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/16 00:13:20 | 000,008,291 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/06/16 00:03:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/16 00:03:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/16 00:03:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/16 00:03:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/16 00:03:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/16 00:01:06 | 003,712,146 | R--- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ComboFix.exe
[2010/06/15 22:08:57 | 000,000,292 | -H-- | C] () -- C:\WINDOWS\tasks\42743e9c.job
[2010/06/12 01:02:43 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/12 01:02:43 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/10 23:39:37 | 000,000,411 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Shortcut to vlc.lnk
[2010/06/10 23:02:30 | 000,274,428 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Default Password List.htm
[2010/06/01 12:28:48 | 000,020,768 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Jen.docx
[2010/05/31 12:51:51 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B49B074-6A53-49FB-8F6B-25DC6217B6A0}.job
[2010/05/18 08:51:49 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/21 17:26:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/11/18 15:13:45 | 000,000,078 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/11/18 15:13:41 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/11/18 15:13:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/11/18 15:13:02 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/11/17 20:20:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VPN.dll
[2009/10/07 15:44:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/22 11:12:34 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/08/22 11:12:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009/08/22 11:12:29 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/14 16:28:52 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/21 15:08:38 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2009/04/02 19:51:41 | 000,010,523 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2009/04/02 19:45:48 | 000,000,507 | ---- | C] () -- C:\WINDOWS\DKAAY2DD.ini
[2009/02/26 22:34:22 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/12/13 18:07:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/22 12:14:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/08 21:27:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/04/30 01:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/14 00:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/14 00:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/14 00:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2005/12/11 15:03:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2005/09/12 20:21:55 | 000,002,146 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/16 15:46:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/04/18 10:36:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/18 10:29:36 | 000,000,177 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/18 10:08:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/18 10:00:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/04/18 09:37:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/04/18 09:36:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/04/18 09:36:16 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 09:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/01/21 16:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2005/12/11 15:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2006/01/14 19:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/28 15:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardraw.com Ltd
[2009/02/27 03:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/31 18:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/12 01:02:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/01/21 13:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 15:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/11 14:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\acccore
[2009/02/11 14:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\AIM
[2009/02/11 14:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\AIMPro
[2010/01/17 00:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\ClearPlay Inc
[2009/06/17 13:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\GetRightToGo
[2005/08/20 14:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\MSNInstaller
[2009/12/08 15:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\TeamViewer
[2007/01/11 15:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Viewpoint
[2010/06/21 18:34:16 | 000,000,292 | -H-- | M] () -- C:\WINDOWS\Tasks\42743e9c.job
[2010/06/25 12:51:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/06/22 22:39:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B49B074-6A53-49FB-8F6B-25DC6217B6A0}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 09:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 09:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\i386\sp3.cab:AGP440.sys
[2008/04/14 04:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 04:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 04:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 09:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 09:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\i386\sp3.cab:atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 04:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 09:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 09:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 09:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: INTELIDE.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:intelide.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:intelide.sys
[2008/04/14 09:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:intelide.sys
[2008/04/14 09:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:intelide.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\i386\sp3.cab:intelide.sys
[2004/08/03 23:59:42 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=2D722B2B54AB55B2FA475EB58D7B2AAD -- C:\i386\intelide.sys
[2004/08/03 23:59:42 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=2D722B2B54AB55B2FA475EB58D7B2AAD -- C:\WINDOWS\$NtServicePackUninstall$\intelide.sys
[2004/08/03 23:59:42 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=2D722B2B54AB55B2FA475EB58D7B2AAD -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\intelide.sys
[2008/04/14 04:10:30 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=B5466A9250342A7AA0CD1FBA13420678 -- C:\WINDOWS\ServicePackFiles\i386\intelide.sys
[2008/04/14 04:10:30 | 000,005,504 | ---- | M] (Microsoft Corporation) MD5=B5466A9250342A7AA0CD1FBA13420678 -- C:\WINDOWS\system32\drivers\intelide.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 09:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 09:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 09:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 09:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 09:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 09:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\*.* >
[2010/06/25 12:46:22 | 000,027,519 | ---- | M] () -- C:\aaw7boot.log
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/01 11:50:17 | 000,000,212 | ---- | M] () -- C:\Boot.bak
[2010/06/16 14:28:49 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2009/12/05 14:27:24 | 000,000,768 | ---- | M] () -- C:\CKINFO.TXT
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/16 00:44:29 | 000,020,904 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/04/18 09:42:06 | 000,004,814 | RH-- | M] () -- C:\dell.sdr
[2009/03/29 18:00:56 | 000,000,061 | ---- | M] () -- C:\DVDPATH.TXT
[2009/03/04 18:46:04 | 000,002,696 | ---- | M] () -- C:\hpfr3420.log
[2009/03/04 18:46:04 | 000,000,514 | ---- | M] () -- C:\hpfr3420.xml
[2010/06/16 12:32:00 | 000,089,884 | ---- | M] () -- C:\hpfr3740.log
[2003/12/08 13:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2005/08/13 12:48:08 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/06/15 12:29:04 | 000,003,073 | -H-- | M] () -- C:\IPH.PH
[2010/06/20 22:33:27 | 000,007,837 | ---- | M] () -- C:\JavaRa.log
[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/02/27 01:26:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/25 12:46:24 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2005/04/18 10:20:27 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2010/06/20 17:42:48 | 000,051,526 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_20.06.2010_17.41.47_log.txt
[2010/06/20 21:40:02 | 000,051,526 | ---- | M] () -- C:\TDSSKiller.2.3.2.0_20.06.2010_21.39.08_log.txt
[2008/09/02 22:59:44 | 000,000,150 | ---- | M] () -- C:\YServer.txt
[2005/08/13 13:15:58 | 000,001,167 | ---- | M] () -- C:\_Sid.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/16 10:05:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/04/28 16:07:51 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
[2010/06/16 14:41:34 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2010/06/16 14:43:37 | 000,050,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\WpsHelper.sys

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/05/09 17:07:18 | 000,048,000 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2008/05/09 17:08:00 | 000,107,904 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2008/05/09 17:08:02 | 000,357,760 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< >

< >
< End of report >

OTL Extras logfile created on: 6/25/2010 12:54:54 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = \\Server\shareddocs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23.93 Gb Total Space | 3.91 Gb Free Space | 16.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 30.04 Gb Total Space | 19.08 Gb Free Space | 63.51% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JULIE
Current User Name: Kieser
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- E:\Programs\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- E:\Programs\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57181:TCP" = 57181:TCP:*:Enabled:PORT_57181
"18895:TCP" = 18895:TCP:*:Enabled:PORT_18895
"60078:TCP" = 60078:TCP:*:Enabled:PORT_60078
"30722:TCP" = 30722:TCP:*:Enabled:PORT_30722
"53350:TCP" = 53350:TCP:*:Enabled:PORT_53350
"32551:TCP" = 32551:TCP:*:Enabled:PORT_32551
"24247:TCP" = 24247:TCP:*:Enabled:PORT_24247
"20176:TCP" = 20176:TCP:*:Enabled:PORT_20176
"56806:TCP" = 56806:TCP:*:Enabled:PORT_56806
"16102:TCP" = 16102:TCP:*:Enabled:PORT_16102
"23351:TCP" = 23351:TCP:*:Enabled:PORT_23351
"55177:TCP" = 55177:TCP:*:Enabled:PORT_55177
"33821:TCP" = 33821:TCP:*:Enabled:PORT_33821
"14570:TCP" = 14570:TCP:*:Enabled:PORT_14570
"27941:TCP" = 27941:TCP:*:Enabled:PORT_27941
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"65025:TCP" = 65025:TCP:*:Enabled:PORT_65025
"10063:TCP" = 10063:TCP:*:Enabled:PORT_10063
"14415:TCP" = 14415:TCP:*:Enabled:PORT_14415
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"E:\Programs\Smc.exe" = E:\Programs\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"E:\Programs\SNAC.EXE" = E:\Programs\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Camera Window DS
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2E2966EA-2169-4E42-8A8A-CC1749D80088}" = Symantec Endpoint Protection
"{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4DBBF091-FACD-422C-B43C-786335BD5398}" = MovieEdit Task
"{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Camera Window DVC
"{51C91B84-7B46-4FE7-8999-8228CFA75F89}" = Intel® Integrated Performance Primitives RTI 4.0
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5C8AE145-C9F7-4883-9750-7ECD2B41CCCA}" = Linksys VPN Client
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Camera Window MC
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb
"{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = PhotoStitch
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8CCD293C-0563-4EB0-BFAF-F279B61A6F32}" = ClearPlay Easy Updates
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Camera Access Library
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1D0D14A-B776-4907-BC00-5149F2298086}" = Camera Support Core Library
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Camera Window DVC
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = RAW Image Task 2.2
"{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" = Canon PhotoRecord
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX (E)
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}" = AIM Pro
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour
"{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"asterisk key" = Asterisk Key 10.0
"BookSmart® 2.0 2.0" = BookSmart® 2.0 2.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"Click'N Design 3D for AfterBurner™" = Click'N Design 3D for AfterBurner™
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dell_HostCD" = Dell Software Uninstall
"ERUNT_is1" = ERUNT 1.1j
"HijackThis" = HijackThis 2.0.2
"hp deskjet 3420 series_Driver" = hp deskjet 3420 series
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}" = Canon Camera Window DSLR 5 for ZoomBrowser EX
"InstallShield_{4DBBF091-FACD-422C-B43C-786335BD5398}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"InstallShield_{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}" = Canon Camera Window MC 6 for ZoomBrowser EX
"InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{901F8ED7-13E8-43EF-B738-2FE89B0588EB}" = Canon Camera Access Library
"InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}" = Canon Camera Support Core Library
"InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}" = Canon RAW Image Task for ZoomBrowser EX
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SUPER Đ" = SUPER Đ Version 2010.bld.37 (Jan 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"TightVNC_is1" = TightVNC 1.3.10
"VLC media player" = VLC media player 0.9.8a
"vrdvc20x_7b29725b74c396276eb7bbf254946b555c3f279d" = Windows Driver Package - Sony (VRDVC20) MEDIA 11/10/2004 5.1.18.01
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Customizations" = Yahoo! Browser Services
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/24/2010 4:43:52 PM | Computer Name = JULIE | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 6/24/2010 5:30:36 PM | Computer Name = JULIE | Source = Symantec AntiVirus | ID = 16711754
Description = TruScan has generated an error: code 14: description: CAL Failure

Error - 6/24/2010 8:03:18 PM | Computer Name = JULIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 6/24/2010 8:03:18 PM | Computer Name = JULIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 6/24/2010 8:03:18 PM | Computer Name = JULIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 6/24/2010 8:03:18 PM | Computer Name = JULIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 6/25/2010 12:50:15 PM | Computer Name = JULIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 6/25/2010 12:50:16 PM | Computer Name = JULIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 6/25/2010 12:50:16 PM | Computer Name = JULIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.

Error - 6/25/2010 12:50:16 PM | Computer Name = JULIE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ OSession Events ]
Error - 7/21/2009 4:32:23 PM | Computer Name = JULIE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 6214
seconds with 3180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/25/2010 12:48:04 PM | Computer Name = JULIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 6/25/2010 12:48:05 PM | Computer Name = JULIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 6/25/2010 12:48:16 PM | Computer Name = JULIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV eeCtrl Fips intelppm NetworkX SRTSP SRTSPX SYMTDI

Error - 6/25/2010 12:49:17 PM | Computer Name = JULIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/25/2010 12:49:25 PM | Computer Name = JULIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/25/2010 12:50:46 PM | Computer Name = JULIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/25/2010 12:50:56 PM | Computer Name = JULIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/25/2010 12:51:35 PM | Computer Name = JULIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 6/25/2010 12:52:38 PM | Computer Name = JULIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/25/2010 12:53:22 PM | Computer Name = JULIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

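The OTL event-log section above is easier to read with a small triage script. The following is an added example written for this page; it is not part of the original thread and is not code from OTL, MBAM, ComboFix or GMER. The event lines and file paths it runs over are constructed here in the same layout as the logs posted in this thread, and the path heuristics (unexpected print-processor DLLs under spool\prtprocs\w32x86, executables under a Recycler SID folder, short hex-named executables in Application Data) are assumptions drawn from entries that appear in the scanner logs posted later in the thread, not a vendor signature set. The one fact it encodes that the log itself does not spell out: Win32 error 1084 is ERROR_NOT_SAFEBOOT_SERVICE ("This service cannot be started in Safe Mode"), so the DCOM 10005 entries above record that the machine was in Safe Mode when LiveUpdate and StiSvc were asked to start.

```python
"""Triage helper for OTL event-log excerpts and scanner file lists.

Added example for this thread; not part of the original posts and not
code from OTL, MBAM, ComboFix or GMER.  The sample lines below are
constructed in the same layout as the logs posted in the thread, and the
path heuristics are assumptions drawn from the entries seen there.
"""
import re
from dataclasses import dataclass

# Constructed sample, same layout as OTL's "[ System Events ]" section.
SAMPLE_EVENTS = """\
Error - 6/25/2010 12:48:04 PM | Computer Name = JULIE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 6/25/2010 12:48:16 PM | Computer Name = JULIE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
APPDRV eeCtrl Fips intelppm NetworkX SRTSP SRTSPX SYMTDI

Error - 6/25/2010 12:50:15 PM | Computer Name = JULIE | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid.
"""

# Constructed sample paths in the layout of MBAM "Files Infected" / ComboFix lines.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\spool\prtprocs\w32x86\1uO3o7.dll",
    r"C:\WINDOWS\system32\spool\prtprocs\w32x86\winprint.dll",
    r"c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe",
    r"c:\documents and settings\Kieser.JULIE.001\Application Data\e9c.exe",
    r"c:\program files\Google\Update\GoogleUpdate.exe",
]

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)


@dataclass
class Event:
    level: str
    when: str
    host: str
    source: str
    event_id: int
    description: str = ""


def parse_events(text):
    """Turn OTL event blocks (header line + description lines) into Event objects."""
    events = []
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = Event(m["level"], m["when"], m["host"], m["source"], int(m["id"]))
            events.append(current)
        elif current is not None and line.strip():
            if line.startswith("Description = "):
                line = line[len("Description = "):]
            current.description = (current.description + " " + line).strip()
    return events


def assess_event(ev):
    """Map an event to (severity, note); None when no rule applies."""
    # Win32 error 1084 is ERROR_NOT_SAFEBOOT_SERVICE ("This service cannot be
    # started in Safe Mode"): DCOM 10005 carrying "%1084" records that the box
    # was in Safe Mode, not that the service itself is damaged.
    if ev.source == "DCOM" and ev.event_id == 10005 and '"%1084"' in ev.description:
        svc = re.search(r"start the service (\S+)", ev.description)
        name = svc.group(1) if svc else "?"
        return ("info", f"{name}: refused to start because Windows was in Safe Mode (error 1084)")
    # SCM 7026 lists boot/system-start drivers that did not load.  AV filter
    # drivers also stay unloaded in Safe Mode, so read it together with the above.
    if ev.source == "Service Control Manager" and ev.event_id == 7026:
        drivers = ev.description.split("failed to load:")[-1].split()
        return ("check", "drivers not loaded: " + ", ".join(drivers))
    # crypt32 131080/131083: the trusted-root list could not be fetched or parsed.
    # On a host whose browser is being redirected, confirm where
    # download.windowsupdate.com resolves before blaming the cab file.
    if ev.source == "crypt32" and ev.event_id in (131080, 131083):
        return ("check", "root-list auto update failed; verify DNS/hosts/proxy for windowsupdate.com")
    return None


def triage_events(text):
    """Return (source, id, severity, note) for every event that has a rule."""
    findings = []
    for ev in parse_events(text):
        note = assess_event(ev)
        if note:
            findings.append((ev.source, ev.event_id) + note)
    return findings


# Path heuristics (assumptions, derived from the entries in this thread).
# Print processors under spool\prtprocs\w32x86 are loaded by the Print Spooler
# (spoolsv.exe, Local System); winprint.dll is the stock one shipped with Windows.
PRTPROC_DLL = re.compile(r"\\spool\\prtprocs\\w32x86\\(?P<name>[^\\]+\.dll)$", re.I)
RECYCLER_EXE = re.compile(r"\\recycler\\S-1-5-21-[\d-]+\\[^\\]+\.exe$", re.I)
APPDATA_HEX_EXE = re.compile(r"\\Application Data\\[0-9a-f]{3,8}\.exe$", re.I)
KNOWN_PRTPROCS = {"winprint.dll"}


def suspicious_path(path):
    """Return a reason string if the path matches a persistence pattern, else None."""
    m = PRTPROC_DLL.search(path)
    if m and m["name"].lower() not in KNOWN_PRTPROCS:
        return "unexpected print-processor DLL (loaded by spoolsv.exe as SYSTEM)"
    if RECYCLER_EXE.search(path):
        return "executable autostarting from a Recycler SID folder"
    if APPDATA_HEX_EXE.search(path):
        return "hex-named executable in the user's Application Data"
    return None


if __name__ == "__main__":
    for finding in triage_events(SAMPLE_EVENTS):
        print(finding)
    for p in SAMPLE_PATHS:
        print(suspicious_path(p) or "ok", "<-", p)
```

Run as-is it prints the findings for the constructed samples; to use it on a real log, pass the System Events section of an OTL report to triage_events() and the paths from an MBAM "Files Infected" list or a ComboFix "Other Deletions" block to suspicious_path(). The Safe Mode mapping is the useful part for this thread: it separates "LiveUpdate will not start" (expected while booted to Safe Mode) from "LiveUpdate is being redirected" (the original complaint), and only a Normal Mode boot can test the second.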
#4 BlackOxide

  • Group: Malware Removal
  • Posts: 1,976
  • Joined: 12-December 09

Posted 25 June 2010 - 04:42 PM

Thanks for posting the OTL logs. If you could still post the GMER log and the previous MBAM log when you have them, please.

I see that ComboFix and TDSSKiller have been run. I could do with seeing the results of those too as they could help me narrow down the problem as to why your PC is not booting into Normal Mode.

So, just to clarify....

Could I please see the contents of...
GMER log
Previous MBAM log
ComboFix log - "C:\ComboFix.txt"
TDSSKiller logs - "C:\TDSSKiller.2.3.2.0_20.06.2010_17.41.47_log.txt" and "C:\TDSSKiller.2.3.2.0_20.06.2010_21.39.08_log.txt"


#5 Cessna 210

  • Group: Member
  • Posts: 13
  • Joined: 18-June 10

Posted 28 June 2010 - 01:26 PM

Hi, sorry for the delay. Below are the rest of the logs that you asked for.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-25 17:31:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\KIESER~2.001\LOCALS~1\Temp\uxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwAllocateVirtualMemory [0xBA7151C0]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBA7152F0]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwWriteVirtualMemory [0xBA715420]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1016] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 018F000A
.text C:\WINDOWS\system32\svchost.exe[1720] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D8000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ infosoft.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\AuxUserType@
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\AuxUserType\2
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\AuxUserType\2@ Message
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\AuxUserType\3
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\AuxUserType\3@ Outlook Message Attachment
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocHandler32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\LocalServer32@ C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\LocalServer32@LocalServer32 *r=^Vn-}f(ZXfeAR6.jiOUTLOOKFiles>ir@X7cr$%@u$}&V7{4p'?
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\ProgID@ Outlook.MsgAttach
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Verb@
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Verb\0
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Verb\0@ &Open,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Verb\1
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Verb\1@ P&rint,0,2
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Verb\2
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\Verb\2@ &Save As...,0,2

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/19/2010 8:16:42 AM
mbam-log-2010-06-19 (08-16-42).txt

Scan type: Quick scan
Objects scanned: 19120
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\spool\prtprocs\w32x86\1uO3o7.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\31793oCE.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\31m9g17a.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\5aA55.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\AAA9kUO9.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\E1a93e7a.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\g179k1yW.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\g317k3y79.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\G9iQ79c.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\iQ7w3uOC.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\k555w.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\K93g79a.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\m17w3179.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spool\prtprocs\w32x86\S31sK3y7c.dll (Trojan.TDSS) -> Quarantined and deleted successfully.


ComboFix 10-06-15.02 - Kieser 06/16/2010 0:24.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.770 [GMT -4:00]
Running from: c:\documents and settings\Kieser.JULIE.001\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kieser.JULIE.001\Application Data\42743e9c.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\ernel32.dll
c:\windows\system32\spool\prtprocs\w32x86\1i9qGM.dll
c:\windows\system32\spool\prtprocs\w32x86\1w93yW.dll
c:\windows\system32\spool\prtprocs\w32x86\AAAA9k1y9.dll
c:\windows\system32\spool\prtprocs\w32x86\c93u7m3.dll
c:\windows\system32\spool\prtprocs\w32x86\g79a1k.dll
c:\windows\system32\spool\prtprocs\w32x86\gM1g93a7k.dll
c:\windows\system32\spool\prtprocs\w32x86\IQ3w79y.dll
c:\windows\system32\spool\prtprocs\w32x86\K5yW5.dll
c:\windows\system32\spool\prtprocs\w32x86\qGM793cEI.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

.
((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.

2010-06-16 04:11 . 2010-06-16 04:11 -------- d-----w- c:\windows\LastGood
2010-06-16 03:35 . 2010-06-16 02:26 52224 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\AAA9kUO9.dll
2010-06-16 03:23 . 2010-06-16 03:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-16 02:26 . 2010-06-16 02:26 52224 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\E1a93e7a.dll
2010-06-16 02:25 . 2010-06-16 02:25 52224 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\G9iQ79c.dll
2010-06-16 02:24 . 2010-06-16 02:24 52224 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\g317k3y79.dll
2010-06-16 02:17 . 2010-06-16 02:17 52224 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\k555w.dll
2010-06-16 02:17 . 2010-06-16 02:16 52224 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\S31sK3y7c.dll
2010-06-16 02:13 . 2010-06-16 02:13 52224 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\K93g79a.dll
2010-06-16 02:11 . 2010-06-16 02:11 52224 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\m17w3179.dll
2010-06-16 02:08 . 2010-06-16 02:08 52224 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\g179k1yW.dll
2010-06-16 02:08 . 2010-06-16 02:26 52224 ----a-w- c:\documents and settings\Kieser.JULIE.001\Application Data\e9c.exe
2010-06-12 05:03 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-12 05:02 . 2010-06-12 05:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-12 05:02 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-12 05:02 . 2010-06-12 05:02 -------- d-----w- c:\program files\Lavasoft
2010-06-11 20:10 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-31 21:59 . 2010-05-31 21:59 -------- d-----w- c:\program files\iPod
2010-05-31 21:58 . 2010-05-31 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-31 21:52 . 2010-05-31 21:53 -------- d-----w- c:\program files\QuickTime
2010-05-31 21:46 . 2010-05-31 21:46 -------- d-----w- c:\program files\Bonjour
2010-05-31 21:22 . 2010-05-31 21:22 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-18 12:54 . 2010-05-18 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-18 12:53 . 2010-05-18 12:53 -------- d-----w- c:\documents and settings\Kieser.JULIE.001\Application Data\Office Genuine Advantage
2010-05-17 20:15 . 2010-05-17 20:15 -------- d-----w- c:\windows\Cache
2010-05-17 20:15 . 2010-05-17 20:15 -------- d-----w- c:\program files\Coupons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 04:13 . 2005-04-18 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-16 04:13 . 2005-04-18 14:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-16 04:13 . 2005-04-18 14:20 -------- d-----w- c:\program files\Symantec
2010-06-15 20:07 . 2009-08-18 19:02 -------- d-----w- c:\program files\Common Files\Apple
2010-06-12 05:02 . 2010-04-28 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-12 02:25 . 2007-06-21 01:46 -------- d-----w- c:\documents and settings\Kieser.JULIE.001\Application Data\Apple Computer
2010-06-12 02:21 . 2010-05-09 00:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 21:37 . 2009-02-27 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-31 22:00 . 2009-08-18 19:09 -------- d-----w- c:\program files\iTunes
2010-05-24 15:58 . 2005-08-16 19:21 139 ----a-w- c:\documents and settings\Kieser.JULIE.001\Local Settings\Application Data\fusioncache.dat
2010-05-24 15:58 . 2010-01-17 04:16 5968 ----a-w- c:\documents and settings\Kieser.JULIE.001\Application Data\ClearPlay Inc\ClearPlay Easy Updates\1.0.1.7\v_kieserj@gmail.com
2010-05-24 15:57 . 2005-08-16 19:21 95032 -c--a-w- c:\documents and settings\Kieser.JULIE.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-24 15:34 . 2009-02-27 07:05 -------- d-----w- c:\program files\Microsoft Works
2010-05-19 00:49 . 2010-05-20 13:06 283492 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-05-10 16:48 . 2005-12-13 18:51 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-11 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 20:07 . 2010-04-28 20:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-28 19:35 . 2009-11-18 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Stardraw.com Ltd
2010-04-28 19:32 . 2010-01-21 20:09 -------- d-----w- c:\documents and settings\Kieser.JULIE.001\Application Data\NCH Software
2010-04-20 05:30 . 2004-08-11 22:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-02-28 16:29 . 2009-02-28 16:24 492294124 -c--a-w- c:\program files\Intuit.zip
2006-05-03 10:06 . 2010-01-21 21:24 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-21 21:24 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-21 21:24 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1244\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1253\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1399\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1402\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1534\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1567\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-2959\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3027\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3247\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3311\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3360\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3440\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3451\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3456\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3461\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3467\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3475\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3512\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3529\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-4690\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-4799\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Kieser.JULIE.001^Start Menu^Programs^Startup^ClearPlay Easy Updates.lnk]
path=c:\documents and settings\Kieser.JULIE.001\Start Menu\Programs\Startup\ClearPlay Easy Updates.lnk
backup=c:\windows\pss\ClearPlay Easy Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 13:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 17:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2005-07-23 03:25 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 18:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 18:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 18:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
2004-12-09 18:58 86016 ----a-w- c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-04-18 14:19 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-18 20:09 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-18 21:52 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-05-14 05:35 536576 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-05-13 15:23 98304 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65025:TCP"= 65025:TCP:PORT_65025
"10063:TCP"= 10063:TCP:PORT_10063
"14415:TCP"= 14415:TCP:PORT_14415
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/12/2010 1:03 AM 64288]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11/9/2009 1:12 PM 25088]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 12:28 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1228208]
S2 VRDVC20;Sony VRD-VC20 [Video Capture];c:\windows\system32\drivers\VRDVC20X.SYS [4/3/2008 12:47 PM 31104]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [1/21/2010 4:38 PM 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\system32\drivers\DrmCVideo.sys [1/21/2010 4:38 PM 5688]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [1/21/2010 4:50 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [1/21/2010 4:50 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [1/21/2010 4:51 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [1/21/2010 4:51 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [1/21/2010 4:51 PM 25704]

--- Other Services/Drivers In Memory ---

*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SPBBCDrv
*Deregistered* - SRTSPX
*Deregistered* - WpsHelper
.
Contents of the 'Scheduled Tasks' folder

2010-06-16 c:\windows\Tasks\42743e9c.job
- c:\documents and settings\Kieser.JULIE.001\Application Data\e9c.exe [2010-06-16 02:26]

2010-06-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]

2010-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 16:28]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 16:28]

2010-06-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-06-15 c:\windows\Tasks\User_Feed_Synchronization-{3B49B074-6A53-49FB-8F6B-25DC6217B6A0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

2010-06-09 c:\windows\Tasks\WebReg 20050813131557.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-29 02:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.salembaptistnow.org/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
MSConfigStartUp-12CFG214-K641-24SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe
MSConfigStartUp-Advanced DHTML Enable - c:\docume~1\THOMPS~1\LOCALS~1\Temp\534.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-M5T8QL3YW3 - c:\docume~1\KIESER~2.001\LOCALS~1\Temp\Kfh.exe
MSConfigStartUp-psysnew - c:\recycler\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe
MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\VPTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-16 00:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-16 00:44:28
ComboFix-quarantined-files.txt 2010-06-16 04:44

Pre-Run: 2,985,938,944 bytes free
Post-Run: 2,949,648,384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - 92478ABA380FAE063BF4FE29AE59E079


17:41:47:093 2456 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
17:41:47:093 2456 ================================================================================
17:41:47:093 2456 SystemInfo:

17:41:47:093 2456 OS Version: 5.1.2600 ServicePack: 3.0
17:41:47:093 2456 Product type: Workstation
17:41:47:093 2456 ComputerName: JULIE
17:41:47:093 2456 UserName: Kieser
17:41:47:093 2456 Windows directory: C:\WINDOWS
17:41:47:093 2456 Processor architecture: Intel x86
17:41:47:093 2456 Number of processors: 1
17:41:47:093 2456 Page size: 0x1000
17:41:47:093 2456 Boot type: Normal boot
17:41:47:093 2456 ================================================================================
17:41:47:953 2456 Initialize success
17:41:47:953 2456
17:41:47:953 2456 Scanning Services ...
17:41:48:796 2456 Raw services enum returned 399 services
17:41:48:812 2456
17:41:48:812 2456 Scanning Drivers ...
17:42:48:078 2456
17:42:48:078 2456 Completed
17:42:48:078 2456
17:42:48:078 2456 Results:
17:42:48:078 2456 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
17:42:48:078 2456 File objects infected / cured / cured on reboot: 0 / 0 / 0
17:42:48:078 2456
17:42:48:078 2456 KLMD(ARK) unloaded successfully


21:39:08:421 3296 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
21:39:08:421 3296 ================================================================================
21:39:08:421 3296 SystemInfo:

21:39:08:421 3296 OS Version: 5.1.2600 ServicePack: 3.0
21:39:08:421 3296 Product type: Workstation
21:39:08:421 3296 ComputerName: JULIE
21:39:08:421 3296 UserName: Kieser
21:39:08:421 3296 Windows directory: C:\WINDOWS
21:39:08:421 3296 Processor architecture: Intel x86
21:39:08:421 3296 Number of processors: 1
21:39:08:421 3296 Page size: 0x1000
21:39:08:421 3296 Boot type: Normal boot
21:39:08:421 3296 ================================================================================
21:39:09:328 3296 Initialize success
21:39:09:328 3296
21:39:09:328 3296 Scanning Services ...
21:39:10:156 3296 Raw services enum returned 399 services
21:39:10:171 3296
21:39:10:171 3296 Scanning Drivers ...
21:39:35:781 3296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:39:36:000 3296 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:39:36:203 3296 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
21:39:36:421 3296 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:39:36:593 3296 NAVENG (69974d54db3ae9b63d6c721705f36bbc) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080515.032\NAVENG.SYS
21:39:36:671 3296 NAVEX15 (d79498c50b79550704c91f1d70528f11) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080515.032\NAVEX15.SYS
21:39:36:906 3296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:39:37:109 3296 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:39:37:265 3296 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:39:37:468 3296 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:39:37:609 3296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:39:37:812 3296 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
21:39:37:890 3296 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:39:38:203 3296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:39:38:343 3296 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\WINDOWS\system32\ckldrv.sys
21:39:38:546 3296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:39:38:750 3296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:39:38:984 3296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:39:39:281 3296 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:39:39:578 3296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:39:39:734 3296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:39:39:937 3296 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
21:39:40:171 3296 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:39:40:390 3296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:39:40:656 3296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:39:40:859 3296 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:39:41:187 3296 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:39:41:406 3296 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:39:42:937 3296 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:39:43:171 3296 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:39:43:375 3296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:39:43:593 3296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:39:43:812 3296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:39:44:046 3296 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:39:44:265 3296 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:39:44:468 3296 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:39:44:703 3296 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:39:44:906 3296 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:39:45:109 3296 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:39:45:312 3296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:39:45:468 3296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:39:45:703 3296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:39:45:937 3296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:39:46:140 3296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:39:46:359 3296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:39:46:609 3296 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:39:46:828 3296 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
21:39:47:046 3296 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:39:47:250 3296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:39:47:453 3296 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:39:47:765 3296 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:39:47:968 3296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:39:48:359 3296 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:39:48:609 3296 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:39:48:812 3296 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
21:39:49:015 3296 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:39:49:218 3296 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
21:39:49:421 3296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:39:49:671 3296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:39:49:890 3296 SRTSP (11564fd80e0d2fc80b904a5bcbf8d761) C:\WINDOWS\system32\Drivers\SRTSP.SYS
21:39:50:187 3296 SRTSPL (c668edee729925635c254b04e70f9493) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
21:39:50:390 3296 SRTSPX (73d9add286baebdbf636eb53acf64e12) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
21:39:50:703 3296 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
21:39:50:937 3296 STAC97 (19fcec67aaffab07ba358860a602cb4a) C:\WINDOWS\system32\drivers\STAC97.sys
21:39:51:156 3296 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
21:39:51:359 3296 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:39:51:578 3296 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:39:51:750 3296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:39:51:906 3296 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:39:52:109 3296 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:39:52:312 3296 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
21:39:52:546 3296 SYMREDRV (9181892e5af5df8d2ac3d9d2cea48afd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
21:39:52:765 3296 SYMTDI (d539f317e6caaa4e08911a84c2180938) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
21:39:52:984 3296 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:39:53:250 3296 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:39:53:468 3296 SynTP (24f75b01c02992ad2e800b387269c50d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:39:53:656 3296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:39:53:859 3296 SysPlant (47e40b633e93f5b8d4e16b60cb972c7b) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
21:39:54:093 3296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:39:54:312 3296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:39:54:546 3296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:39:54:765 3296 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
21:39:54:968 3296 Teefer2 (94fb26d72326851e914b9fd988e1aa47) C:\WINDOWS\system32\DRIVERS\teefer2.sys
21:39:55:140 3296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:39:55:296 3296 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
21:39:55:500 3296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:39:55:765 3296 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:39:55:984 3296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:39:56:203 3296 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
21:39:56:406 3296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:39:56:640 3296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:39:56:859 3296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:39:57:015 3296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:39:57:187 3296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:39:57:390 3296 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:39:57:609 3296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:39:57:828 3296 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:39:58:031 3296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:39:58:328 3296 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:39:58:546 3296 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:39:58:750 3296 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:39:58:984 3296 VRDVC20 (ea630566440ba12053cd599919affd33) C:\WINDOWS\system32\Drivers\VRDVC20X.SYS
21:39:59:187 3296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:39:59:703 3296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:39:59:968 3296 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:40:00:218 3296 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
21:40:00:375 3296 WPS (b0c73e3c023e4014866966a615d7db5e) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
21:40:00:562 3296 WpsHelper (15414e4a9efd26b9391c9bd9c3098541) C:\WINDOWS\system32\drivers\WpsHelper.sys
21:40:00:703 3296 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
21:40:00:843 3296 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
21:40:01:062 3296 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
21:40:01:265 3296 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
21:40:01:484 3296 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
21:40:02:031 3296 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:40:02:046 3296
21:40:02:046 3296 Completed
21:40:02:046 3296
21:40:02:046 3296 Results:
21:40:02:046 3296 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
21:40:02:046 3296 File objects infected / cured / cured on reboot: 0 / 0 / 0
21:40:02:046 3296
21:40:02:046 3296 KLMD(ARK) unloaded successfully

Thanks for your help!

#6 BlackOxide

  • Group: Malware Removal
  • Posts: 1,976
  • Joined: 12-December 09

Posted 28 June 2010 - 03:20 PM

No problem, thanks for posting all of the logs :) Right, let's start removing these infections that were found in your logs. Please do the following in order....

1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [lfqrhqxf] C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\ixwnpxfvw\gimfcvjtssd.exe File not found
    O32 - AutoRun File - [2010/01/18 09:36:40 | 000,000,190 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{0e8a85df-fdbf-11dd-bdd9-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{0e8a85df-fdbf-11dd-bdd9-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0e8a85e0-fdbf-11dd-bdd9-00038a000015}\Shell\AutoRun\command - "" = H:\RECYCLER32\dmgr.exe -- File not found
    O33 - MountPoints2\{0e8a85e0-fdbf-11dd-bdd9-00038a000015}\Shell\open\command - "" = H:\RECYCLER32\dmgr.exe -- File not found
    O33 - MountPoints2\{a1e2cd09-049f-11de-bdde-000b7d20d1f3}\Shell\AutoRun\command - "" = E:\RECYCLER32\dmgr.exe -- [2010/01/16 23:04:04 | 000,072,704 | ---- | M] ()
    O33 - MountPoints2\{a1e2cd09-049f-11de-bdde-000b7d20d1f3}\Shell\open\command - "" = E:\RECYCLER32\dmgr.exe -- [2010/01/16 23:04:04 | 000,072,704 | ---- | M] ()
    [2010/06/23 14:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\ixwnpxfvw
    [2010/06/21 18:34:16 | 000,000,292 | -H-- | M] () -- C:\WINDOWS\tasks\42743e9c.job
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "57181:TCP"=-
    "18895:TCP"=-
    "60078:TCP"=-
    "30722:TCP"=-
    "53350:TCP"=-
    "32551:TCP"=-
    "24247:TCP"=-
    "20176:TCP"=-
    "56806:TCP"=-
    "16102:TCP"=-
    "23351:TCP"=-
    "55177:TCP"=-
    "33821:TCP"=-
    "14570:TCP"=-
    "27941:TCP"=-
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "65025:TCP"=-
    "10063:TCP"=-
    "14415:TCP"=-
    
    :Files
    c:\documents and settings\Kieser.JULIE.001\Application Data\e9c.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.




2)
AVP Virus Scan by Kaspersky
Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.
    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.


  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (removable) that you may have.


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the top right hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected; post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.




In your next reply
Please post the contents of...
OTL log
AVP log


:)
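The OTL fix above targets three kinds of entries: an orphaned HKCU Run key whose executable is already gone, MountPoints2 AutoRun/open handlers that launch a binary from a RECYCLER32 folder on removable media, and a batch of random high TCP ports opened globally in the firewall policy. As an added example (not from the thread, BlackOxide or the OTL tool), the Python below scans OTL-format log lines for those same three indicator classes; the sample lines are the ones from the fix script plus two constructed benign controls (a SynTPEnh Run entry and port 139) so the filter has something to ignore.

```python
"""Triage of OTL scan-log lines for the indicator classes that the fix in
this thread removes.  Added example, not part of the thread or of OTL itself.
Sample lines come from the fix script; the SynTPEnh Run entry and the
"139:TCP" port line are constructed benign controls."""
import re
from dataclasses import dataclass

# Line shapes as they appear in OTL output (the O4 / O33 prefixes are OTL's own)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?P<path>.+?)(?P<missing> File not found)?$')
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[0-9a-f-]+)\}\\Shell\\(?P<verb>[^\\]+)'
    r'\\command - "" = (?P<cmd>.+?)(?: -- .*)?$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=')
RECYCLER_RE = re.compile(r'\\RECYCLER\w*\\', re.IGNORECASE)

SAMPLE = r'''
O4 - HKCU..\Run: [lfqrhqxf] C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\ixwnpxfvw\gimfcvjtssd.exe File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O33 - MountPoints2\{0e8a85df-fdbf-11dd-bdd9-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{0e8a85e0-fdbf-11dd-bdd9-00038a000015}\Shell\AutoRun\command - "" = H:\RECYCLER32\dmgr.exe -- File not found
O33 - MountPoints2\{a1e2cd09-049f-11de-bdde-000b7d20d1f3}\Shell\open\command - "" = E:\RECYCLER32\dmgr.exe -- [2010/01/16 23:04:04 | 000,072,704 | ---- | M] ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57181:TCP"=-
"18895:TCP"=-
"139:TCP"=-
'''


@dataclass
class Finding:
    kind: str      # indicator class
    detail: str    # human-readable summary
    line: str      # the offending log line


def triage(lines, high_port=1024):
    """Return Findings for the three indicator classes, in input order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            # Run key whose target no longer exists: leftover of a partially
            # removed infection; harmless now, but it should be cleaned up.
            if m.group('missing'):
                findings.append(Finding(
                    'orphaned-run-key',
                    f"{m.group('hive')} Run [{m.group('name')}] -> "
                    f"{m.group('path').strip()} (missing)", line))
            continue
        m = O33_RE.match(line)
        if m:
            # Shell\AutoRun or Shell\open handler on a removable volume that
            # launches a binary out of a RECYCLER-style folder.
            cmd = m.group('cmd').strip()
            if RECYCLER_RE.search(cmd):
                findings.append(Finding(
                    'autorun-recycler',
                    f"MountPoints2 {m.group('guid')} {m.group('verb')} -> {cmd}",
                    line))
            continue
        m = PORT_RE.match(line)
        if m and int(m.group('port')) > high_port:
            # Heuristic: a pile of random 5-digit TCP ports opened globally in
            # the firewall policy is exactly what the fix above deletes.
            findings.append(Finding(
                'firewall-open-port',
                f"{m.group('port')}/{m.group('proto')} globally open", line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE.splitlines()):
        print(f"[{f.kind}] {f.detail}")
```

Run against a full OTL Quick Scan log, the same three classes come out in log order, and the benign Run entry and the low-numbered port are left alone.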

#7 Cessna 210

  • Group: Member
  • Posts: 13
  • Joined: 18-June 10

Posted 29 June 2010 - 05:37 AM

OTL logfile created on: 6/28/2010 8:00:09 PM - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = \\Server\SharedDocs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23.93 Gb Total Space | 3.92 Gb Free Space | 16.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 30.04 Gb Total Space | 19.08 Gb Free Space | 63.51% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JULIE
Current User Name: Kieser
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.salembaptistnow.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/06/28 19:50:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programs\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] E:\Programs\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Programs\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programs\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1245951245109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.3
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/18 09:36:40 | 000,000,190 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/24 16:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/24 16:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/23 14:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\ixwnpxfvw
[2010/06/20 22:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\.SunDownloadManager
[2010/06/20 17:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\GooredFix Backups
[2010/06/18 23:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Malwarebytes
[2010/06/18 23:14:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/18 23:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/18 23:14:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/18 22:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/18 22:53:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\erunt_setup.exe
[2010/06/18 22:38:10 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\TFC.exe
[2010/06/16 15:15:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Recent
[2010/06/16 15:15:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/16 14:42:01 | 000,091,520 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2010/06/16 14:41:10 | 000,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/16 14:41:10 | 000,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/16 11:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/16 00:20:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/16 00:03:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/16 00:03:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/16 00:03:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/16 00:03:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/16 00:03:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/16 00:02:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/12 01:03:40 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/12 01:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/12 01:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/10 23:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Default Password List_files
[2010/05/31 17:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/31 17:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/31 17:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/31 17:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/18 08:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/05/18 08:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Office Genuine Advantage
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/05/17 16:15:18 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/17 16:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010/05/17 16:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/05/08 20:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/28 16:10:46 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/28 16:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/28 15:31:53 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Ad-AwareInstaller.exe
[2010/04/01 14:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\2009 Taxes
[2008/10/29 16:12:25 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll

========== Files - Modified Within 90 Days ==========

[2010/06/28 19:58:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/28 19:57:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/28 19:56:02 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\NTUSER.DAT
[2010/06/28 19:56:02 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\ntuser.ini
[2010/06/28 19:51:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/28 19:50:35 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/28 19:50:10 | 000,001,870 | -H-- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\My Documents\Default.rdp
[2010/06/23 13:50:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/23 13:15:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20050813131557.job
[2010/06/23 11:50:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/22 22:39:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B49B074-6A53-49FB-8F6B-25DC6217B6A0}.job
[2010/06/21 18:34:16 | 000,000,292 | -H-- | M] () -- C:\WINDOWS\tasks\42743e9c.job
[2010/06/21 18:34:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/20 22:41:17 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\jre-6u20-windows-i586-iftw-rv.exe.sdm
[2010/06/18 23:14:18 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/18 22:54:26 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\NTREGOPT.lnk
[2010/06/18 22:54:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ERUNT.lnk
[2010/06/18 22:54:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\erunt_setup.exe
[2010/06/18 22:38:22 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\TFC.exe
[2010/06/16 14:43:37 | 000,050,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WpsHelper.sys
[2010/06/16 14:41:34 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/16 14:41:34 | 000,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/16 14:41:34 | 000,010,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/16 14:41:34 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/16 14:28:49 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/06/16 14:28:48 | 000,000,753 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/16 14:28:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/16 14:22:38 | 000,008,291 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/06/16 11:50:22 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/16 10:07:18 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/16 10:05:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/16 00:40:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100616-115430.backup
[2010/06/16 00:02:00 | 003,712,146 | R--- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ComboFix.exe
[2010/06/15 21:15:31 | 000,000,177 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/12 01:02:43 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/12 01:02:43 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/11 22:21:09 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 17:26:12 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/11 17:11:30 | 000,508,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 17:11:30 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 17:11:30 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/10 23:39:37 | 000,000,411 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Shortcut to vlc.lnk
[2010/06/10 23:02:46 | 000,274,428 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Default Password List.htm
[2010/06/01 12:28:49 | 000,020,768 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Jen.docx
[2010/05/31 17:00:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 16:24:35 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 11:58:08 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\fusioncache.dat
[2010/05/24 11:57:14 | 000,095,032 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/21 21:47:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/21 17:15:21 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\TeamViewer 5.lnk
[2010/05/17 16:15:20 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/05 00:09:18 | 000,000,390 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Shortcut to Shopping List.lnk
[2010/05/04 20:06:54 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2010/05/04 20:06:53 | 000,005,427 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/04/29 23:09:00 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\ntuser.pol
[2010/04/29 22:14:52 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 16:07:51 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/28 15:50:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/28 15:40:02 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Ad-AwareInstaller.exe
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/15 14:40:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Microsoft Office Word 2007.lnk
[2010/04/10 13:58:46 | 004,978,688 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\AllFilters.exe
[2010/04/01 14:43:30 | 000,150,906 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ClearPlay_Filters.zip
[2010/04/01 11:50:17 | 000,000,212 | ---- | M] () -- C:\Boot.bak

========== Files Created - No Company Name ==========

[2010/06/20 22:41:17 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\jre-6u20-windows-i586-iftw-rv.exe.sdm
[2010/06/18 23:14:18 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/18 22:54:26 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\NTREGOPT.lnk
[2010/06/18 22:54:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ERUNT.lnk
[2010/06/16 14:41:10 | 000,010,563 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/16 14:41:10 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/16 11:50:22 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/16 11:28:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/16 00:21:04 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/06/16 00:20:47 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/16 00:13:20 | 000,008,291 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/06/16 00:03:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/16 00:03:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/16 00:03:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/16 00:03:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/16 00:03:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/16 00:01:06 | 003,712,146 | R--- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ComboFix.exe
[2010/06/15 22:08:57 | 000,000,292 | -H-- | C] () -- C:\WINDOWS\tasks\42743e9c.job
[2010/06/12 01:02:43 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/12 01:02:43 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/10 23:39:37 | 000,000,411 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Shortcut to vlc.lnk
[2010/06/10 23:02:30 | 000,274,428 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Default Password List.htm
[2010/06/01 12:28:48 | 000,020,768 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Jen.docx
[2010/05/31 12:51:51 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B49B074-6A53-49FB-8F6B-25DC6217B6A0}.job
[2010/05/21 17:15:21 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\TeamViewer 5.lnk
[2010/05/18 08:51:49 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/05 00:09:18 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Shortcut to Shopping List.lnk
[2010/04/28 16:15:03 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/10 13:58:46 | 004,978,688 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\AllFilters.exe
[2010/04/01 14:43:29 | 000,150,906 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ClearPlay_Filters.zip
[2010/01/21 17:26:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/11/18 15:13:45 | 000,000,078 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/11/18 15:13:41 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/11/18 15:13:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/11/18 15:13:02 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/11/17 20:20:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VPN.dll
[2009/10/07 15:44:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/22 11:12:34 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/08/22 11:12:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009/08/22 11:12:29 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/14 16:28:52 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/21 15:08:38 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2009/04/02 19:51:41 | 000,010,523 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2009/04/02 19:45:48 | 000,000,507 | ---- | C] () -- C:\WINDOWS\DKAAY2DD.ini
[2009/02/26 22:34:22 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/12/13 18:07:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/22 12:14:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/08 21:27:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/04/30 01:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/14 00:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/14 00:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/14 00:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2005/12/11 15:03:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2005/09/12 20:21:55 | 000,002,146 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/16 15:46:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/04/18 10:36:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/18 10:29:36 | 000,000,177 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/18 10:08:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/18 10:00:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/04/18 09:37:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/04/18 09:36:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/04/18 09:36:16 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 09:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/01/21 16:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2005/12/11 15:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2006/01/14 19:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/28 15:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardraw.com Ltd
[2009/02/27 03:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/31 18:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/12 01:02:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/01/21 13:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 15:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/11 14:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\acccore
[2009/02/11 14:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\AIM
[2009/02/11 14:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\AIMPro
[2010/01/17 00:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\ClearPlay Inc
[2009/06/17 13:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\GetRightToGo
[2005/08/20 14:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\MSNInstaller
[2009/12/08 15:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\TeamViewer
[2007/01/11 15:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Viewpoint
[2010/06/21 18:34:16 | 000,000,292 | -H-- | M] () -- C:\WINDOWS\Tasks\42743e9c.job
[2010/06/28 19:51:28 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/06/22 22:39:05 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B49B074-6A53-49FB-8F6B-25DC6217B6A0}.job

========== Purity Check ==========


< End of report >


Here is the Kas report. I let it run overnight but the computer locked up. I was able to copy and paste the log from the report window but did not see a way to save it directly. I do not think it finished so if you need me to run it again I can give it another try.

Autoscan: malfunction (events: 72, objects: 0, time: Unknown)
6/28/2010 8:10:40 PM Task started
6/28/2010 9:29:09 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\ernel32.dll.vir
6/28/2010 9:29:09 PM Detected: Backdoor.Win32.TDSS.tk C:\Qoobox\Quarantine\C\Documents and Settings\Kieser.JULIE.001\Application Data\42743e9c.exe.vir
6/28/2010 9:33:16 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\1i9qGM.dll.vir
6/28/2010 9:37:26 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\ernel32.dll.vir
6/28/2010 9:37:26 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\1w93yW.dll.vir
6/28/2010 9:37:27 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\1i9qGM.dll.vir
6/28/2010 9:37:27 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\AAAA9k1y9.dll.vir
6/28/2010 9:37:28 PM Deleted: Backdoor.Win32.TDSS.tk C:\Qoobox\Quarantine\C\Documents and Settings\Kieser.JULIE.001\Application Data\42743e9c.exe.vir
6/28/2010 9:37:29 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\AAAA9k1y9.dll.vir
6/28/2010 9:37:29 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\c93u7m3.dll.vir
6/28/2010 9:37:30 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\g79a1k.dll.vir
6/28/2010 9:37:30 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\1w93yW.dll.vir
6/28/2010 9:37:31 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\gM1g93a7k.dll.vir
6/28/2010 9:37:32 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\g79a1k.dll.vir
6/28/2010 9:37:33 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\IQ3w79y.dll.vir
6/28/2010 9:37:34 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\c93u7m3.dll.vir
6/28/2010 9:37:35 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\K5yW5.dll.vir
6/28/2010 9:37:36 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\gM1g93a7k.dll.vir
6/28/2010 9:37:37 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\qGM793cEI.dll.vir
6/28/2010 9:37:37 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\IQ3w79y.dll.vir
6/28/2010 9:37:39 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\K5yW5.dll.vir
6/28/2010 9:37:41 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\qGM793cEI.dll.vir
6/28/2010 9:45:24 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0142347.dll
6/28/2010 9:45:24 PM Detected: Trojan-Downloader.Win32.FraudLoad.gwc C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0142357.exe
6/28/2010 9:45:33 PM Detected: Trojan-Downloader.Win32.FraudLoad.gwc C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0142358.exe
6/28/2010 9:47:31 PM Deleted: Trojan-Downloader.Win32.FraudLoad.gwc C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0142357.exe
6/28/2010 9:47:32 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0142347.dll
6/28/2010 9:47:33 PM Deleted: Trojan-Downloader.Win32.FraudLoad.gwc C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0142358.exe
6/28/2010 9:47:43 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0142699.dll
6/28/2010 9:47:46 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP500\A0142699.dll
6/28/2010 9:48:58 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP502\A0145069.dll
6/28/2010 9:49:10 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP502\A0145069.dll
6/28/2010 9:49:12 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP503\A0145084.dll
6/28/2010 9:49:14 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP503\A0145084.dll
6/28/2010 9:49:34 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP503\A0145180.dll
6/28/2010 9:49:35 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP503\A0145180.dll
6/28/2010 9:54:07 PM Detected: P2P-Worm.Win32.Palevo.ann C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145496.exe
6/28/2010 9:54:31 PM Detected: P2P-Worm.Win32.Palevo.ann C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145501.exe
6/28/2010 9:54:58 PM Detected: Backdoor.Win32.TDSS.tk C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145509.exe
6/28/2010 10:10:55 PM Deleted: P2P-Worm.Win32.Palevo.ann C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145496.exe
6/28/2010 10:10:55 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145510.dll
6/28/2010 10:10:55 PM Deleted: P2P-Worm.Win32.Palevo.ann C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145501.exe
6/28/2010 10:10:55 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145511.dll
6/28/2010 10:10:56 PM Deleted: Backdoor.Win32.TDSS.tk C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145509.exe
6/28/2010 10:10:56 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145512.dll
6/28/2010 10:10:56 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145510.dll
6/28/2010 10:10:56 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145513.dll
6/28/2010 10:10:57 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145511.dll
6/28/2010 10:10:57 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145514.dll
6/28/2010 10:10:58 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145512.dll
6/28/2010 10:10:59 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145515.dll
6/28/2010 10:11:00 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145513.dll
6/28/2010 10:11:01 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145516.dll
6/28/2010 10:11:01 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145514.dll
6/28/2010 10:11:01 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145517.dll
6/28/2010 10:11:01 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145515.dll
6/28/2010 10:11:02 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145518.dll
6/28/2010 10:11:02 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145516.dll
6/28/2010 10:11:02 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145519.dll
6/28/2010 10:11:02 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145517.dll
6/28/2010 10:11:03 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145518.dll
6/28/2010 10:11:04 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145519.dll
6/28/2010 10:11:29 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP507\A0145697.dll
6/28/2010 10:11:37 PM Detected: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP508\A0145725.dll
6/28/2010 10:11:50 PM Detected: Trojan.Win32.FraudPack.ayeo C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP509\A0152830.exe
6/28/2010 10:31:57 PM Deleted: Trojan.Win32.FraudPack.ayeo C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP509\A0152830.exe
6/28/2010 10:31:57 PM Deleted: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP508\A0145725.dll
6/28/2010 10:31:58 PM Deleted: HEUR:Trojan.Win32.Generic C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP507\A0145697.dll
6/28/2010 11:10:38 PM Detected: P2P-Worm.Win32.Palevo.hns E:\autorun.inf
6/28/2010 11:45:51 PM Detected: P2P-Worm.Win32.Palevo.ann E:\RECYCLER32\dmgr.exe
6/29/2010 7:00:47 AM Untreated: P2P-Worm.Win32.Palevo.hns E:\autorun.inf Skipped by user

#8 BlackOxide

  • Group: Malware Removal
  • Posts: 1,976
  • Joined: 12-December 09

Posted 29 June 2010 - 02:17 PM

Hi,

Copying and pasting the results from the Kas scan like that is fine, thanks :) We'll remove some items with ComboFix first, then try the AVP scan again :)

Please follow the steps below, in order....


1)
Delete the ComboFix.exe file on the Desktop

Then, download a fresh ComboFix to your Desktop, from one of these locations:

Link 1
Link 2

Do not double click on ComboFix, instead, do the following...

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

KillAll::

File::
E:\autorun.inf
E:\RECYCLER32\dmgr.exe
C:\WINDOWS\Tasks\42743e9c.job
c:\documents and settings\Kieser.JULIE.001\Application Data\e9c.exe

Folder::
C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\ixwnpxfvw


Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



2)
Try doing a scan with AVP as you did previously to see if it goes through all the way this time :)


3)
OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log



In your next reply
Please post the contents of...
ComboFix log
AVP results
OTL log
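As an added example, not code from the thread or from any of the tools named in it: a Python parser for the Kaspersky AVP report format pasted above. It counts detections per threat name and lists paths that still need attention, meaning Detected at a live location and never Deleted, or reported Untreated; the two E:\ entries in the CFScript above are exactly such paths. The sample lines are a constructed subset of the report, and treating the quarantine and System Restore prefixes as inert is my assumption.

```python
import re
from collections import Counter

# One event line of the report pasted in the thread looks like:
#   6/29/2010 7:00:47 AM Untreated: P2P-Worm.Win32.Palevo.hns E:\autorun.inf Skipped by user
# i.e. <date> <time> <AM/PM> <Action>: <ThreatName> <Path> [Skipped by user]
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>Detected|Deleted|Untreated): "
    r"(?P<threat>\S+) "
    r"(?P<path>.+?)"
    r"(?: (?P<reason>Skipped by user))?$"
)

# Assumption: files under these prefixes are inert copies (ComboFix quarantine,
# System Restore snapshots), so a hit there is not a live infection.
INERT_PREFIXES = (
    "c:\\qoobox\\quarantine\\",
    "c:\\system volume information\\_restore",
)

# Constructed subset of the report above (task/summary lines are present on purpose).
SAMPLE_REPORT = r"""
Autoscan: malfunction (events: 72, objects: 0, time: Unknown)
6/28/2010 8:10:40 PM Task started
6/28/2010 9:29:09 PM Detected: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\ernel32.dll.vir
6/28/2010 9:37:26 PM Deleted: Trojan-Downloader.Win32.FraudLoad.xdvu C:\Qoobox\Quarantine\C\WINDOWS\system32\ernel32.dll.vir
6/28/2010 9:54:07 PM Detected: P2P-Worm.Win32.Palevo.ann C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145496.exe
6/28/2010 10:10:55 PM Deleted: P2P-Worm.Win32.Palevo.ann C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP504\A0145496.exe
6/28/2010 11:10:38 PM Detected: P2P-Worm.Win32.Palevo.hns E:\autorun.inf
6/28/2010 11:45:51 PM Detected: P2P-Worm.Win32.Palevo.ann E:\RECYCLER32\dmgr.exe
6/29/2010 7:00:47 AM Untreated: P2P-Worm.Win32.Palevo.hns E:\autorun.inf Skipped by user
"""


def parse_report(text):
    """Return one dict per recognised event line; lines that are not events are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def is_live_path(path):
    """True when the path is not inside a quarantine or restore-point location."""
    return not path.lower().startswith(INERT_PREFIXES)


def triage(text):
    """Summarise a report: detections per threat name, and paths still needing attention.

    A path is pending when it was Detected at a live location and no Deleted event
    followed for it, or when the scanner reported it Untreated (here: skipped by user).
    """
    events = parse_report(text)
    by_threat = Counter(e["threat"] for e in events if e["action"] == "Detected")
    deleted = {e["path"] for e in events if e["action"] == "Deleted"}
    untreated = {e["path"] for e in events if e["action"] == "Untreated"}
    live_not_deleted = {
        e["path"]
        for e in events
        if e["action"] == "Detected" and is_live_path(e["path"]) and e["path"] not in deleted
    }
    return {"by_threat": dict(by_threat), "pending": sorted(live_not_deleted | untreated)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for threat, count in sorted(result["by_threat"].items()):
        print(f"{count:3d}  {threat}")
    print("Still needs attention:")
    for path in result["pending"]:
        print("  " + path)
```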


#9 Cessna 210

  • Group: Member
  • Posts: 13
  • Joined: 18-June 10

Posted 30 June 2010 - 07:40 AM

Here are the 3 logs. After running ComboFix it automatically restarted and this time it started in Normal mode which is a great improvement over only being able to use Safe Mode :) AVS and OTL both ran in Normal mode.

ComboFix 10-06-29.02 - Kieser 06/29/2010 19:32:40.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.895 [GMT -4:00]
Running from: c:\documents and settings\Kieser.JULIE.001\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kieser.JULIE.001\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Outdated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\documents and settings\Kieser.JULIE.001\Application Data\e9c.exe"
"c:\windows\Tasks\42743e9c.job"
"E:\autorun.inf"
"e:\recycler32\dmgr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kieser.JULIE.001\Local Settings\Application Data\ixwnpxfvw
c:\windows\Tasks\42743e9c.job
E:\autorun.inf
e:\recycler32\dmgr.exe

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-29 11:16 . 2010-06-29 11:16 7168 ----a-w- c:\windows\system32\drivers\utqymzex.sys
2010-06-29 00:06 . 2009-10-22 17:54 37392 ----a-w- c:\windows\system32\drivers\60620962.sys
2010-06-29 00:06 . 2009-10-10 03:31 315408 ----a-w- c:\windows\system32\drivers\6062096.sys
2010-06-29 00:06 . 2009-09-25 21:59 128016 ----a-w- c:\windows\system32\drivers\60620961.sys
2010-06-24 19:08 . 2010-06-24 19:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-23 18:09 . 2010-06-23 18:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-21 02:41 . 2010-06-21 02:42 -------- d-----w- c:\documents and settings\Kieser.JULIE.001\.SunDownloadManager
2010-06-19 03:14 . 2010-06-19 03:14 -------- d-----w- c:\documents and settings\Kieser.JULIE.001\Application Data\Malwarebytes
2010-06-19 03:14 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 03:14 . 2010-06-19 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-19 03:14 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 02:54 . 2010-06-19 02:54 -------- d-----w- c:\program files\ERUNT
2010-06-16 18:42 . 2008-05-09 21:09 91520 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-06-16 18:41 . 2010-06-16 18:41 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-16 18:41 . 2010-06-16 18:41 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-16 15:48 . 2010-06-16 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-16 15:28 . 2010-06-16 14:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-16 03:23 . 2010-06-16 03:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-06-12 05:03 . 2010-06-16 14:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-12 05:02 . 2010-06-12 05:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-12 05:02 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-12 05:02 . 2010-06-12 05:02 -------- d-----w- c:\program files\Lavasoft
2010-06-11 20:10 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-05-31 21:59 . 2010-05-31 21:59 -------- d-----w- c:\program files\iPod
2010-05-31 21:58 . 2010-05-31 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-31 21:52 . 2010-05-31 21:53 -------- d-----w- c:\program files\QuickTime
2010-05-31 21:46 . 2010-05-31 21:46 -------- d-----w- c:\program files\Bonjour
2010-05-31 21:22 . 2010-05-31 21:22 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 02:33 . 2005-04-18 13:59 -------- d-----w- c:\program files\Java
2010-06-16 18:46 . 2005-04-18 14:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-16 18:44 . 2005-04-18 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-16 18:43 . 2007-06-19 21:08 50536 ----a-w- c:\windows\system32\drivers\WpsHelper.sys
2010-06-16 18:41 . 2005-04-18 14:20 -------- d-----w- c:\program files\Symantec
2010-06-16 18:41 . 2010-06-16 18:41 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-16 18:41 . 2010-06-16 18:41 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-15 20:07 . 2009-08-18 19:02 -------- d-----w- c:\program files\Common Files\Apple
2010-06-12 05:02 . 2010-04-28 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-12 02:25 . 2007-06-21 01:46 -------- d-----w- c:\documents and settings\Kieser.JULIE.001\Application Data\Apple Computer
2010-06-12 02:21 . 2010-05-09 00:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 21:37 . 2009-02-27 06:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-31 22:00 . 2009-08-18 19:09 -------- d-----w- c:\program files\iTunes
2010-05-24 15:58 . 2005-08-16 19:21 139 ----a-w- c:\documents and settings\Kieser.JULIE.001\Local Settings\Application Data\fusioncache.dat
2010-05-24 15:58 . 2010-01-17 04:16 5968 ----a-w- c:\documents and settings\Kieser.JULIE.001\Application Data\ClearPlay Inc\ClearPlay Easy Updates\1.0.1.7\v_kieserj@gmail.com
2010-05-24 15:57 . 2005-08-16 19:21 95032 -c--a-w- c:\documents and settings\Kieser.JULIE.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-24 15:34 . 2009-02-27 07:05 -------- d-----w- c:\program files\Microsoft Works
2010-05-18 12:54 . 2010-05-18 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-18 12:53 . 2010-05-18 12:53 -------- d-----w- c:\documents and settings\Kieser.JULIE.001\Application Data\Office Genuine Advantage
2010-05-17 20:15 . 2010-05-17 20:15 -------- d-----w- c:\program files\Coupons
2010-05-10 16:48 . 2005-12-13 18:51 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-11 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 20:07 . 2010-04-28 20:10 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-20 05:30 . 2004-08-11 22:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-02-28 16:29 . 2009-02-28 16:24 492294124 -c--a-w- c:\program files\Intuit.zip
2006-05-03 10:06 . 2010-01-21 21:24 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-21 21:24 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-21 21:24 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\programs\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-01 115560]

c:\documents and settings\Kieser.JULIE.001\Start Menu\Programs\Startup\
setup_9.0.0.722_28.06.2010_23-45.lnk - c:\documents and settings\Kieser.JULIE.001\Desktop\Virus Removal Tool\setup_9.0.0.722_28.06.2010_23-45\startup.exe [2010-6-28 72208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1244\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1253\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1399\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1402\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1534\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-1567\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-2959\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3027\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3247\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3311\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3360\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3440\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3451\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3456\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3461\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3467\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3475\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3512\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-3529\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-4690\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-527963275-900565158-463579419-4799\Scripts\Logon\0\0]
"Script"=C:\LOCALLOGON.BAT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Kieser.JULIE.001^Start Menu^Programs^Startup^ClearPlay Easy Updates.lnk]
path=c:\documents and settings\Kieser.JULIE.001\Start Menu\Programs\Startup\ClearPlay Easy Updates.lnk
backup=c:\windows\pss\ClearPlay Easy Updates.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
c:\windows\system32\WLTRAY [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 13:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 15:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 17:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2005-07-23 03:25 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 18:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-14 18:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-14 18:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-09-14 13:50 53248 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 13:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgrWired]
2004-12-09 18:58 86016 ----a-w- c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2005-04-18 14:19 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-18 20:09 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-18 21:52 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-05-14 05:35 536576 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-05-13 15:23 98304 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"hasplms"=2 (0x2)
"Crypkey License"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"e:\\Programs\\Smc.exe"=
"e:\\Programs\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 60620962;60620962 Boot Guard Driver;c:\windows\system32\drivers\60620962.sys [6/28/2010 8:06 PM 37392]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/12/2010 1:03 AM 64288]
R1 60620961;60620961;c:\windows\system32\drivers\60620961.sys [6/28/2010 8:06 PM 128016]
R1 setup_9.0.0.722_28.06.2010_23-45drv;setup_9.0.0.722_28.06.2010_23-45drv;c:\windows\system32\drivers\6062096.sys [6/28/2010 8:06 PM 315408]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/16/2010 2:43 PM 109616]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11/9/2009 1:12 PM 25088]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2010 12:28 PM 135664]
S2 VRDVC20;Sony VRD-VC20 [Video Capture];c:\windows\system32\drivers\VRDVC20X.SYS [4/3/2008 12:47 PM 31104]
S3 DrmCAudio;DrmCAudio;c:\windows\system32\drivers\DrmCAudio.sys [1/21/2010 4:38 PM 23096]
S3 DrmCVideo;DrmCVideo;c:\windows\system32\drivers\DrmCVideo.sys [1/21/2010 4:38 PM 5688]
S3 utqymzex;AVZ Kernel Driver;c:\windows\system32\drivers\utqymzex.sys [6/29/2010 7:16 AM 7168]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [1/21/2010 4:50 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [1/21/2010 4:50 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [1/21/2010 4:51 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [1/21/2010 4:51 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [1/21/2010 4:51 PM 25704]
S4 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 14:05]

2010-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 16:28]

2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 16:28]

2010-06-30 c:\windows\Tasks\User_Feed_Synchronization-{3B49B074-6A53-49FB-8F6B-25DC6217B6A0}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

2010-06-23 c:\windows\Tasks\WebReg 20050813131557.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-29 02:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.salembaptistnow.org/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-29 20:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2520)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
e:\programs\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
e:\programs\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
e:\programs\SmcGui.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\documents and settings\Kieser.JULIE.001\Desktop\Virus Removal Tool\setup_9.0.0.722_28.06.2010_23-45\setup_9.0.0.722_28.06.2010_23-45.exe
.
**************************************************************************
.
Completion time: 2010-06-29 20:15:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-30 00:15
ComboFix2.txt 2010-06-16 04:44

Pre-Run: 3,994,058,752 bytes free
Post-Run: 2,619,715,584 bytes free

- - End Of File - - 3B8EA694A611235D0ADCCE0DE8986AA5

Autoscan: completed 4 minutes ago (events: 10, objects: 190075, time: 12:59:19)
6/29/2010 8:17:34 PM Task started
6/29/2010 9:17:44 PM Detected: Rootkit.Win32.TDSS.ap C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir
6/29/2010 9:25:12 PM Deleted: Rootkit.Win32.TDSS.ap C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\cdrom.sys.vir
6/29/2010 9:26:58 PM Detected: Rootkit.Win32.TDSS.ap C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP509\A0155953.sys
6/29/2010 9:27:25 PM Deleted: Rootkit.Win32.TDSS.ap C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP509\A0155953.sys
6/30/2010 12:21:45 AM Detected: P2P-Worm.Win32.Palevo.ann E:\Qoobox\Quarantine\E\RECYCLER32\dmgr.exe.vir
6/30/2010 12:21:49 AM Detected: P2P-Worm.Win32.Palevo.hns E:\Qoobox\Quarantine\E\autorun.inf.vir
6/30/2010 9:12:16 AM Deleted: P2P-Worm.Win32.Palevo.hns E:\Qoobox\Quarantine\E\autorun.inf.vir
6/30/2010 9:12:16 AM Deleted: P2P-Worm.Win32.Palevo.ann E:\Qoobox\Quarantine\E\RECYCLER32\dmgr.exe.vir
6/30/2010 9:16:55 AM Task completed


OTL logfile created on: 6/30/2010 9:29:52 AM - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = \\Server\SharedDocs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23.93 Gb Total Space | 2.45 Gb Free Space | 10.23% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 30.04 Gb Total Space | 19.08 Gb Free Space | 63.51% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JULIE
Current User Name: Kieser
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/25 12:42:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- \\Server\SharedDocs\OTL.exe
PRC - [2010/06/16 10:04:56 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/16 10:04:53 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/05/09 17:59:02 | 002,240,944 | ---- | M] (Symantec Corporation) -- E:\Programs\Rtvscan.exe
PRC - [2008/05/09 17:07:02 | 001,660,288 | ---- | M] (Symantec Corporation) -- E:\Programs\SmcGui.exe
PRC - [2008/05/09 17:07:00 | 002,479,488 | ---- | M] (Symantec Corporation) -- E:\Programs\Smc.exe
PRC - [2008/04/14 09:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/01 01:25:38 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2010/06/25 12:42:36 | 000,574,464 | ---- | M] (OldTimer Tools) -- \\Server\SharedDocs\OTL.exe
MOD - [2008/05/12 00:38:22 | 000,016,776 | ---- | M] (Symantec Corporation) -- E:\Programs\SnacNp.dll
MOD - [2008/05/09 17:08:02 | 000,357,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\sysfer.dll
MOD - [2008/04/14 09:42:04 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 09:42:04 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 09:42:04 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 09:42:02 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/14 09:41:54 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 09:41:52 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/14 09:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/14 03:09:26 | 002,897,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\xpsp2res.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/16 10:04:53 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/05/12 00:38:14 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- E:\Programs\SNAC.EXE -- (SNAC)
SRV - [2008/05/09 17:59:02 | 002,240,944 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Programs\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/05/09 17:07:00 | 002,479,488 | ---- | M] (Symantec Corporation) [Auto | Running] -- E:\Programs\Smc.exe -- (SmcService)
SRV - [2008/05/07 19:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2008/04/24 14:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/02/01 01:25:16 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2005/06/02 15:54:34 | 000,086,606 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/06/29 07:16:06 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\utqymzex.sys -- (utqymzex)
DRV - [2010/06/16 14:43:37 | 000,050,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2010/06/16 14:41:34 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/16 10:05:45 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/19 17:56:00 | 000,005,688 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrmCVideo.sys -- (DrmCVideo)
DRV - [2009/11/19 17:55:36 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrmCAudio.sys -- (DrmCAudio)
DRV - [2009/11/18 15:13:02 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/11/09 13:12:42 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\60620962.sys -- (60620962)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/10/13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\6062096.sys -- (setup_9.0.0.722_28.06.2010_23-45drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\60620961.sys -- (60620961)
DRV - [2008/05/15 02:00:00 | 000,895,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080515.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2008/05/15 02:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/05/15 02:00:00 | 000,109,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/05/15 02:00:00 | 000,082,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080515.032\NAVENG.SYS -- (NAVENG)
DRV - [2008/05/09 17:09:58 | 000,091,520 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/05/09 17:08:14 | 000,040,832 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/04/14 04:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 04:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/03 12:47:32 | 000,031,104 | ---- | M] (Sony) [Video Capture] [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\VRDVC20X.SYS -- (VRDVC20)
DRV - [2008/03/21 19:14:24 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/03/21 19:14:24 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/03/21 19:14:24 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/03/18 17:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/03/17 12:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2008/03/12 15:19:50 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/02/11 17:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2008/01/17 18:24:44 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/10/30 20:55:38 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/10/30 20:55:34 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/04/18 10:19:29 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/12/06 22:09:58 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/11/01 20:52:46 | 000,272,568 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2004/08/18 15:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/17 21:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 21:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 21:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/13 11:19:22 | 000,182,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.salembaptistnow.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2010/06/29 20:00:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Programs\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Programs\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Kieser.JULIE.001\Start Menu\Programs\Startup\setup_9.0.0.722_28.06.2010_23-45.lnk = C:\Documents and Settings\Kieser.JULIE.001\Desktop\Virus Removal Tool\setup_9.0.0.722_28.06.2010_23-45\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2008/09/02 22:59:45 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Programs\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1245951245109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.3
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/28 20:06:12 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\6062096.sys
[2010/06/28 20:06:12 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\60620961.sys
[2010/06/28 20:06:12 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\60620962.sys
[2010/06/28 20:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Virus Removal Tool
[2010/06/24 16:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/24 16:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/20 22:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\.SunDownloadManager
[2010/06/20 17:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\GooredFix Backups
[2010/06/18 23:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Malwarebytes
[2010/06/18 23:14:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/18 23:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/18 23:14:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/18 22:54:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/18 22:53:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\erunt_setup.exe
[2010/06/18 22:38:10 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\TFC.exe
[2010/06/16 15:15:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Recent
[2010/06/16 14:42:01 | 000,091,520 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2010/06/16 14:41:10 | 000,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/16 14:41:10 | 000,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/16 11:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/16 00:20:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/16 00:03:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/16 00:03:57 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/16 00:03:57 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/16 00:03:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/16 00:03:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/16 00:02:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/12 01:03:40 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/12 01:02:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/06/12 01:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/06/10 23:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Default Password List_files
[2010/05/31 17:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/31 17:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/31 17:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/31 17:46:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/18 08:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/05/18 08:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Office Genuine Advantage
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2010/05/18 08:39:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2010/05/17 16:15:18 | 000,226,728 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/17 16:15:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010/05/17 16:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/05/08 20:34:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/28 16:10:46 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/28 16:01:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/04/28 15:31:53 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Ad-AwareInstaller.exe
[2010/04/01 14:58:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\2009 Taxes
[2008/10/29 16:12:25 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll

========== Files - Modified Within 90 Days ==========

[2010/06/30 09:11:33 | 000,000,440 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_28.06.2010_23-45drv.spi
[2010/06/30 08:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/29 20:02:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B49B074-6A53-49FB-8F6B-25DC6217B6A0}.job
[2010/06/29 20:01:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/29 20:00:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/29 20:00:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/29 20:00:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/29 19:54:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/29 19:48:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/29 19:48:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/29 19:48:06 | 1333,198,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/29 19:46:25 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\NTUSER.DAT
[2010/06/29 19:46:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\ntuser.ini
[2010/06/29 19:06:01 | 003,723,633 | R--- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ComboFix.exe
[2010/06/29 08:16:11 | 000,001,870 | -H-- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\My Documents\Default.rdp
[2010/06/29 07:16:06 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utqymzex.sys
[2010/06/28 20:08:18 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Start Menu\Programs\Startup\setup_9.0.0.722_28.06.2010_23-45.lnk
[2010/06/23 13:15:00 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20050813131557.job
[2010/06/20 22:41:17 | 000,000,385 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\jre-6u20-windows-i586-iftw-rv.exe.sdm
[2010/06/18 23:14:18 | 000,000,459 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/18 22:54:26 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\NTREGOPT.lnk
[2010/06/18 22:54:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ERUNT.lnk
[2010/06/18 22:54:06 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\erunt_setup.exe
[2010/06/18 22:38:22 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\TFC.exe
[2010/06/16 14:43:37 | 000,050,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WpsHelper.sys
[2010/06/16 14:41:34 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/06/16 14:41:34 | 000,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/06/16 14:41:34 | 000,010,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/16 14:41:34 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/16 14:28:49 | 000,000,282 | RHS- | M] () -- C:\boot.ini
[2010/06/16 14:28:48 | 000,000,753 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/16 14:22:38 | 000,008,291 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/06/16 11:50:22 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/16 10:07:18 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/16 10:05:45 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/06/16 00:40:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100616-115430.backup
[2010/06/15 21:15:31 | 000,000,177 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/12 01:02:43 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/12 01:02:43 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/11 22:21:09 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 17:26:12 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/06/11 17:11:30 | 000,508,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 17:11:30 | 000,445,938 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 17:11:30 | 000,072,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/10 23:39:37 | 000,000,411 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Shortcut to vlc.lnk
[2010/06/10 23:02:46 | 000,274,428 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Default Password List.htm
[2010/06/01 12:28:49 | 000,020,768 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Jen.docx
[2010/05/31 17:00:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/27 16:24:35 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 11:58:08 | 000,000,139 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\fusioncache.dat
[2010/05/24 11:57:14 | 000,095,032 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/21 21:47:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/21 17:15:21 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\TeamViewer 5.lnk
[2010/05/17 16:15:20 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/05/05 00:09:18 | 000,000,390 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Shortcut to Shopping List.lnk
[2010/05/04 20:06:54 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2010/05/04 20:06:53 | 000,005,427 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/04/29 23:09:00 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\ntuser.pol
[2010/04/29 22:14:52 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 16:07:51 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/28 15:50:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/28 15:40:02 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Ad-AwareInstaller.exe
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/15 14:40:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Microsoft Office Word 2007.lnk
[2010/04/10 13:58:46 | 004,978,688 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\AllFilters.exe
[2010/04/01 14:43:30 | 000,150,906 | ---- | M] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ClearPlay_Filters.zip
[2010/04/01 11:50:17 | 000,000,212 | ---- | M] () -- C:\Boot.bak

========== Files Created - No Company Name ==========

[2010/06/29 21:22:11 | 000,000,440 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_28.06.2010_23-45drv.spi
[2010/06/29 19:48:06 | 1333,198,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/29 07:16:06 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utqymzex.sys
[2010/06/28 20:08:18 | 000,002,295 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Start Menu\Programs\Startup\setup_9.0.0.722_28.06.2010_23-45.lnk
[2010/06/20 22:41:17 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\jre-6u20-windows-i586-iftw-rv.exe.sdm
[2010/06/18 23:14:18 | 000,000,459 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/18 22:54:26 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\NTREGOPT.lnk
[2010/06/18 22:54:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ERUNT.lnk
[2010/06/16 14:41:10 | 000,010,563 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/06/16 14:41:10 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/06/16 11:50:22 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/06/16 11:28:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/16 00:21:04 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/06/16 00:20:47 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/16 00:13:20 | 000,008,291 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/06/16 00:03:57 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/16 00:03:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/16 00:03:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/16 00:03:57 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/16 00:03:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/16 00:01:06 | 003,723,633 | R--- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ComboFix.exe
[2010/06/12 01:02:43 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/06/12 01:02:43 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/06/10 23:39:37 | 000,000,411 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Shortcut to vlc.lnk
[2010/06/10 23:02:30 | 000,274,428 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Default Password List.htm
[2010/06/01 12:28:48 | 000,020,768 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Jen.docx
[2010/05/31 12:51:51 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3B49B074-6A53-49FB-8F6B-25DC6217B6A0}.job
[2010/05/21 17:15:21 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Microsoft\Internet Explorer\Quick Launch\TeamViewer 5.lnk
[2010/05/18 08:51:49 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/05/05 00:09:18 | 000,000,390 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\Shortcut to Shopping List.lnk
[2010/04/28 16:15:03 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/04/10 13:58:46 | 004,978,688 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\AllFilters.exe
[2010/04/01 14:43:29 | 000,150,906 | ---- | C] () -- C:\Documents and Settings\Kieser.JULIE.001\Desktop\ClearPlay_Filters.zip
[2010/01/21 17:26:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/11/18 15:13:45 | 000,000,078 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/11/18 15:13:41 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/11/18 15:13:41 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/11/18 15:13:02 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2009/11/17 20:20:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\VPN.dll
[2009/10/07 15:44:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/22 11:12:34 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/08/22 11:12:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009/08/22 11:12:29 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/14 16:28:52 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/21 15:08:38 | 000,001,084 | ---- | C] () -- C:\WINDOWS\DKAAP2DD.ini
[2009/04/02 19:51:41 | 000,010,523 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2009/04/02 19:45:48 | 000,000,507 | ---- | C] () -- C:\WINDOWS\DKAAY2DD.ini
[2009/02/26 22:34:22 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2007/12/13 18:07:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2006/12/22 12:14:19 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/07/08 21:27:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/04/30 01:34:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/14 00:18:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/14 00:18:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/14 00:18:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2005/12/11 15:03:35 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2005/09/12 20:21:55 | 000,002,146 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/16 15:46:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/04/18 10:36:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/18 10:29:36 | 000,000,177 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/18 10:08:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/18 10:00:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2005/04/18 09:37:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/04/18 09:36:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/04/18 09:36:16 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 09:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,839 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/01/21 16:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2005/12/11 15:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2006/01/14 19:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/04/28 15:35:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardraw.com Ltd
[2009/02/27 03:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/31 18:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/12 01:02:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/01/21 13:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/18 15:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/11 14:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\acccore
[2009/02/11 14:42:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\AIM
[2009/02/11 14:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\AIMPro
[2010/01/17 00:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\ClearPlay Inc
[2009/06/17 13:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\GetRightToGo
[2005/08/20 14:41:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\MSNInstaller
[2009/12/08 15:36:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\TeamViewer
[2007/01/11 15:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kieser.JULIE.001\Application Data\Viewpoint
[2010/06/29 19:54:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/06/29 20:02:56 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3B49B074-6A53-49FB-8F6B-25DC6217B6A0}.job

========== Purity Check ==========


< End of report >

#10 BlackOxide

  • Group: Malware Removal
  • Posts: 1,976
  • Joined: 12-December 09

Posted 30 June 2010 - 02:13 PM

Excellent, that went to plan :) Good to hear you can now boot into Normal Mode. We're making good progress :) I would like to see if MBAM comes back clean now, so please do the following in order....


1)
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean



2)
Run a new Quick Scan with MBAM after updating...
  • Open MBAM
  • Click the Update tab, then click Check for Updates and let it install any updates if they are available
  • Click the Scanner tab, then make sure Quick Scan is selected and click Scan
  • Post the log that it produces in your next reply



3)
Quick questions...
How is the PC running now? Does your Symantec Live Update now work properly and are you having any redirects when browsing the web?


In your next reply
Please post the contents of...
MBAM log
Answers to the questions


:)

#11 Cessna 210

  • Group: Member
  • Posts: 13
  • Joined: 18-June 10

Posted 01 July 2010 - 06:31 AM

I ran TFC and restarted. Symantec was able to update finally and it seems to be working well. As far as I can tell, there are no more redirects:)!!!! Below is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4263

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/1/2010 8:19:49 AM
mbam-log-2010-07-01 (08-19-49).txt

Scan type: Quick scan
Objects scanned: 155583
Time elapsed: 16 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
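
A quick way to triage a posted MBAM log like the one above, as an added example that is not part of this thread or of Malwarebytes' own tooling: it parses the summary counts and the detail sections, and flags a paste whose summary and details disagree, since a log that was cut short is not evidence of a clean machine. The sample logs inside are constructed in the same layout; the placeholder registry key, path and detection name are not real indicators.

```python
import re
from dataclasses import dataclass, field

SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
NO_ITEMS = "(No malicious items detected)"


@dataclass
class MbamReport:
    database_version: int = 0
    counts: dict = field(default_factory=dict)    # category -> summary count
    items: dict = field(default_factory=dict)     # category -> [(object, detection, action)]
    problems: list = field(default_factory=list)  # parse and consistency issues

    @property
    def is_clean(self) -> bool:
        # No summary block, or any inconsistency, means the log cannot be called clean.
        return (bool(self.counts) and not self.problems
                and all(n == 0 for n in self.counts.values())
                and not any(self.items.values()))


def parse_mbam_log(text: str) -> MbamReport:
    """Parse an MBAM 1.x text log into counts, listed items and consistency problems."""
    rep = MbamReport()
    section = None                       # detail section currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None               # a blank line ends a detail section
        elif line.startswith("Database version:"):
            rep.database_version = int(line.split(":", 1)[1])
        elif (m := SUMMARY_RE.match(line)):
            rep.counts[m["cat"]] = int(m["n"])
        elif (m := SECTION_RE.match(line)):
            section = m["cat"]
            rep.items.setdefault(section, [])
        elif section is not None and line != NO_ITEMS:
            if (m := ITEM_RE.match(line)):
                rep.items[section].append((m["obj"], m["name"], m["action"]))
            else:
                rep.problems.append(f"unparsed line in {section}: {line}")
    # Summary counts must match what the detail sections list; a mismatch usually
    # means the paste was cut short or edited.
    for cat, n in rep.counts.items():
        listed = len(rep.items.get(cat, []))
        if cat not in rep.items:
            rep.problems.append(f"detail section missing for {cat}")
        elif listed != n:
            rep.problems.append(f"{cat}: summary says {n}, details list {listed}")
    return rep


# Constructed sample in the layout of the MBAM 1.46 log posted above (two of the
# seven categories kept for brevity).
CLEAN_LOG = """\
Malwarebytes' Anti-Malware 1.46
Database version: 4263
Scan type: Quick scan

Registry Keys Infected: 0
Files Infected: 0

Registry Keys Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

# Constructed sample with one hit per category; key, path and detection name
# are placeholders, not real indicators.
DETECTION_LOG = """\
Registry Keys Infected: 1
Files Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\\SOFTWARE\\PLACEHOLDER-KEY (Trojan.Placeholder) -> Quarantined and deleted successfully.

Files Infected:
C:\\PLACEHOLDER\\placeholder.exe (Trojan.Placeholder) -> Quarantined and deleted successfully.
"""
```

Feeding only the first few lines of a log (as a user who pastes a partial file would) makes `problems` non-empty and `is_clean` false, which is the check worth having before replying "your logs are clean".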

#12 BlackOxide

  • Group: Malware Removal
  • Posts: 1,976
  • Joined: 12-December 09

Posted 01 July 2010 - 12:38 PM

Hey,

Good to hear the problems with Symantec updates and the redirects are sorted. Your logs are now clean :)

You can keep TFC on your PC; it is worth running it every now and then to clear any temp files that are lurking on your PC.

If everything is now OK, let me know, then go through the Cleanup section below and have a read of the other information which will help keep your PC protected :)

Just let me know if you have any other queries or problems :)



Thank you for following the procedures, your system now appears free from Malware. Below is a list of steps that are well worth following; they help finalize the fixes we have been doing and will help minimize the risk of a similar situation happening again by protecting your PC and helping secure it.

Please make sure you follow the Cleanup stage just below.


========== CLEANUP ==========

Remove the Tools used in this cleanup

1)
Tools on the Desktop:
You can now safely remove GMER and TDSSKiller from the Desktop (if present)


2)
Clear Old Restore Points
  • Run OTL, copy and paste the following into the Custom Scans/Fixes area at the bottom
    :Commands
    [CLEARALLRESTOREPOINTS]

  • Then Click Run Fix


3)
Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled


4)
OTL Cleanup
  • Open OTL
  • Click the CleanUp button at the top; it will ask to reboot your PC, please allow it to do so



========== Anti Malware Protection ==========

Spyware Blaster
Spyware Blaster is an excellent program that creates a huge list of known suspect/dangerous sites and blocks any attempts to visit those sites by embedding the list into Internet Explorer and Firefox. Very useful to have!

MalwareBytes Anti-Malware
This is an excellent Anti-Malware product. It is recommended to periodically run a Quick Scan to keep your PC as clean as possible.

Free Anti-Virus protection...
If you haven't got an AntiVirus or are thinking of changing, my personal recommendations are Microsoft Security Essentials and Avast, both are free to use. Remember though, you can only have one AntiVirus installed at any one given time.
Microsoft Security Essentials
Avast

========== Updates ==========

Keeping your PC updated is vital in the battle against infections and exploits. There are many infections which will exploit loopholes within Windows itself, Java and Adobe Reader. Keeping these updated is a very good habit to get into.

Automatic Updates

Updates to your Operating System are vital in closing loopholes and fixing bugs which some infections exploit.
To keep your Windows updated, ensure that 'Automatic Updates' is enabled on your PC. To do this...
    In XP,
  • Click the Start button
  • Click Run
  • Type sysdm.cpl into the run dialogue box and click OK
  • Click the Automatic Updates tab
  • Make sure Automatic (Recommended) is selected and click OK

    In Vista,
  • Click the Start button
  • Click All Programs, then click Windows Update
  • In the left pane, click Change Settings
  • Choose Install updates automatically (recommended), then click OK

Java updates
  • Click the Start button
  • Click Control Panel
  • Double Click Java
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed

Adobe Reader updates
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed

========== Alternate Browsers ==========

Using an alternative web browser can help protect your PC from infections which exploit security holes within Internet Explorer. They can also be quicker to load pages and offer more tools and features such as Firefox's huge addon list.

Firefox - My personal choice, easy to use, safer to use than Internet Explorer and a large number of excellent addons that can be installed such as AdBlockPlus and WOT.

Opera - Another efficient browser that works well. Quick and easy to use.


Have fun and stay safe online :)
BlackOxide


#13 Cessna 210

  • Group: Member
  • Posts: 13
  • Joined: 18-June 10

Posted 02 July 2010 - 06:59 AM

Thanks so much for your help. I uninstalled everything and installed the programs you suggested. I think that everything is back to running normal and/or better :) I appreciate your expertise. Take care!

#14 BlackOxide

  • Group: Malware Removal
  • Posts: 1,976
  • Joined: 12-December 09

Posted 02 July 2010 - 09:00 AM

No problem, you're welcome :)

Glad we could help you out here. :)

#15 Essexboy

  • Group: GeekU Moderator
  • Posts: 55,482
  • Joined: 31-May 06

Posted 02 July 2010 - 12:41 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
