WiredWX Christian Hobby Weather Tools

 


Removed Thinkpoint but still having problem

I used your instructions to clean Thinkpoint off of my wife's computer. However, she is still having pop-ups and I.E. (7) is opening random pages, mainly Google Analytics.
Can you help?

Re: Removed Thinkpoint but still having problem

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you: one will pop up (OTL.txt), and the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.

............................................................................................

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: Removed Thinkpoint but still having problem

Belahzur wrote:
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you: one will pop up (OTL.txt), and the other will be saved on your Desktop (Extras.txt). Post both logs in this thread.
  • You may need to use two posts to get it all.


OTL.TXT
OTL logfile created on: 10/27/2010 8:53:25 PM - Run 2
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Rick-Temp
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 169.33 Gb Free Space | 72.74% Space Free | Partition Type: NTFS

Computer Name: KATHY-1 | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kathy\Local Settings\Temp\jkos-Kathy\binaries\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Rick-Temp\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
PRC - C:\Program Files\Dell V305\dldtmsdmon.exe ()
PRC - C:\Program Files\Dell V305\dldtmon.exe ()
PRC - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dldtcoms.exe ( )
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)


========== Modules (SafeList) ==========

MOD - C:\Rick-Temp\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (dldtCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe ()
SRV - (dldt_device) -- C:\WINDOWS\System32\dldtcoms.exe ( )
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\hpzipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (ZDPSp50) -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys File not found
DRV - (rt2870) -- C:\WINDOWS\System32\DRIVERS\rt2870.sys File not found
DRV - (PCASp50) -- C:\WINDOWS\System32\Drivers\PCASp50.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101025.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101025.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (elagopro) -- C:\WINDOWS\system32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\WINDOWS\system32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (ZD1211BU(Linksys A Division of Cisco Systems Inc.)) Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {38832FF3-F082-49AD-993F-AACE97E306DD} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www5.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\geBtRhIy: DllName - geBtRhIy.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\wvUljKaB) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/23 21:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{53e591f0-41ab-11dd-afe5-001ec961e06b}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\{7f0fa1be-b101-11df-b705-001ec961e06b}\Shell - "" = AutoRun
O33 - MountPoints2\{7f0fa1be-b101-11df-b705-001ec961e06b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf0593f3-226a-11df-b5ae-001ec961e06b}\Shell\AutoRun\command - "" = wscript.exe Deploy\Scripts\BDD_AutoRun.wsf
O33 - MountPoints2\{f10742c6-a94d-11dd-b0e9-001ee5dbdecb}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/27 19:13:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/10/27 19:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/27 19:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/27 19:13:25 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/27 19:13:25 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/27 19:13:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/27 19:13:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/27 19:13:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/27 19:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/27 19:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Application Data\Sun
[2010/10/27 18:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/27 17:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/10/25 21:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Application Data\Malwarebytes
[2010/10/25 21:19:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/25 21:19:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/25 21:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/25 21:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/25 18:56:03 | 000,000,000 | ---D | C] -- C:\Rick-Temp
[2010/10/14 19:17:16 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 19:17:16 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 19:17:09 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2009/08/19 17:05:52 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtusb1.dll
[2009/08/19 17:05:52 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDThcp.dll
[2009/08/19 17:05:52 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtinpa.dll
[2009/08/19 17:05:52 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtiesc.dll
[2009/08/19 17:05:51 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtserv.dll
[2009/08/19 17:05:51 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtpmui.dll
[2009/08/19 17:05:51 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtlmpm.dll
[2009/08/19 17:05:51 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtprox.dll
[2009/08/19 17:05:50 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldthbn3.dll
[2009/08/19 17:05:48 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomc.dll
[2009/08/19 17:05:48 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomm.dll
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/27 20:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/27 20:28:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/27 20:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/10/27 19:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/27 19:13:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/27 19:13:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/27 19:13:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/27 19:13:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/27 19:13:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/27 19:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/10/27 18:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/27 18:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/10/27 17:52:11 | 000,000,063 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2010/10/27 17:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/27 17:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/10/27 16:47:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/27 16:13:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/10/27 15:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/27 15:13:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/10/27 15:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/10/27 14:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/27 14:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/10/27 13:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/27 13:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/10/27 12:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/27 12:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/10/27 12:05:04 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\Microsoft Word.lnk
[2010/10/27 11:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/27 11:13:06 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/10/27 10:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/27 10:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/10/27 09:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/27 09:14:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/27 09:14:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/10/27 09:14:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/10/27 09:14:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/10/27 09:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/10/27 08:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/27 08:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/10/27 07:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/27 07:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/10/27 06:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/27 06:28:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/27 06:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/10/27 05:59:53 | 053,101,568 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/10/27 05:59:50 | 024,529,920 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/10/27 05:57:01 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/27 05:49:33 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/10/27 05:49:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/26 17:50:18 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/26 12:13:21 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\completescan
[2010/10/26 11:53:23 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\install
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/10/26 11:52:36 | 000,554,496 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\hotfix.exe
[2010/10/26 05:49:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 11:38:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 05:35:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010/10/23 17:46:55 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\October 23.doc
[2010/10/23 08:29:00 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/10/19 11:39:36 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\How to Raise Good Parents.DOC
[2010/10/15 03:57:20 | 000,371,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 21:02:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 11:21:56 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\makepeac.doc
[2010/10/12 20:26:39 | 000,004,672 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\grand canyon.jpg
[2010/10/11 09:40:08 | 003,828,736 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\Backing up Kat.doc
[2010/10/07 07:23:38 | 000,010,611 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\school bus.jpg
[2010/10/07 07:00:02 | 000,062,972 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\catherine 2.jpg
[2010/10/07 06:59:51 | 000,070,942 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\catherine bowers.jpg
[2010/10/05 19:11:06 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/05 19:11:06 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/05 17:54:14 | 000,004,287 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\money.jpg
[2010/10/05 17:36:23 | 000,003,901 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\cats on wall.jpg
[2010/10/05 17:35:51 | 000,002,138 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\kittens1.jpg
[2010/10/05 17:35:27 | 000,003,326 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\broken heart.jpg
[2010/10/05 17:34:39 | 000,002,418 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\storm clouds.jpg
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/27 17:52:11 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/10/26 16:32:06 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/26 12:13:21 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\completescan
[2010/10/26 11:53:23 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\install
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/10/26 11:52:37 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/10/26 11:52:37 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/10/26 11:52:36 | 000,554,496 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\hotfix.exe
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/23 17:19:22 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\October 23.doc
[2010/10/13 11:21:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\makepeac.doc
[2010/10/12 20:26:53 | 000,004,672 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\grand canyon.jpg
[2010/10/11 09:40:08 | 003,828,736 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\Backing up Kat.doc
[2010/10/07 07:23:50 | 000,010,611 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\school bus.jpg
[2010/10/07 07:02:04 | 000,062,972 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\catherine 2.jpg
[2010/10/07 07:01:50 | 000,070,942 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\catherine bowers.jpg
[2010/10/05 17:54:27 | 000,004,287 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\money.jpg
[2010/10/05 17:36:34 | 000,003,901 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\cats on wall.jpg
[2010/10/05 17:36:07 | 000,002,138 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\kittens1.jpg
[2010/10/05 17:35:41 | 000,003,326 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\broken heart.jpg
[2010/10/05 17:35:21 | 000,002,418 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\storm clouds.jpg
[2010/08/23 19:38:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/18 06:03:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/09/02 20:09:33 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\fusioncache.dat
[2009/08/19 17:08:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldtvs.dll
[2009/08/19 17:08:03 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldtcoin.dll
[2009/08/19 17:07:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldtcaps.dll
[2009/08/19 17:07:27 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\dldtdrs.dll
[2009/08/19 17:07:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldtcnv4.dll
[2009/08/19 17:06:09 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dldtwupd.dll
[2009/08/19 17:05:53 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\DLDTinst.dll
[2009/08/19 17:05:52 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\dldtutil.dll
[2009/08/19 17:05:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldtinsb.dll
[2009/08/19 17:05:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldtins.dll
[2009/08/19 17:05:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldtjswr.dll
[2009/08/19 17:05:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldtinsr.dll
[2009/08/19 17:05:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldtgrd.dll
[2009/08/19 17:05:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldtcub.dll
[2009/08/19 17:05:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldtcur.dll
[2009/08/19 17:05:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldtcu.dll
[2009/08/19 17:05:47 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDTcfg.dll
[2009/08/01 11:31:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\PTfile1.dll
[2008/12/28 13:41:45 | 000,676,743 | -HS- | C] () -- C:\WINDOWS\System32\BaKjlUvw.ini2
[2008/12/28 13:41:45 | 000,676,743 | -HS- | C] () -- C:\WINDOWS\System32\BaKjlUvw.ini
[2008/11/13 20:54:09 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/08/14 17:27:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/07/08 06:14:53 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\FASTWiz.html
[2008/07/08 06:01:59 | 000,105,930 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\FASTWiz.log
[2008/07/07 20:07:18 | 000,150,016 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/07 18:42:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/06 16:27:36 | 000,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/06 16:27:36 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7BF60F020B.sys
[2008/07/06 13:26:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/07/06 13:26:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/06/23 23:36:38 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/06/23 23:36:37 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/23 23:11:50 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/06/23 23:11:50 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/06/23 23:11:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/06/23 23:11:47 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/06/23 23:11:47 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/06/23 22:55:45 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2008/06/23 22:55:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2008/06/23 22:53:31 | 000,008,134 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2008/06/23 22:53:09 | 000,000,375 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/06/23 22:52:42 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/06/23 22:52:38 | 000,001,005 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/06/23 22:52:33 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2008/06/23 14:37:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/06 18:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 20:06:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 20:03:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 19:57:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 19:56:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 19:48:38 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/09/06 06:13:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2003/09/26 07:42:46 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2002/05/03 16:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\hppcap.ini
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Women of the Bible devotions:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\What a Character teen 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\What a Character Preteen version:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\WEB_PAGE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\TYLER:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Tidewater Cats:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Teen Bible Book:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Strength for the Day:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Stockings Were Hung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Single Step:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\SEMINARS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Rock Your World:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Roadsigns for Teens:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\RECIPES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Quiz Book for Girls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\PUZZLES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Print Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Pine Grove Explorer's Club:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Parenting Articles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Organizational:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\On the Homefront:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\My Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Moving Day Survival Manual:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Manners:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\LABELS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Junior Articles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Jr High Survival Manual:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\JESSICA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Jasmine:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M The Bible:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M School:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M Family:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M Especially Special Me:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\IDEAS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Home Alone Handbook:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Guy's Bible Book:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Grieving Families:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Gotta Have God 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Geo Club:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Gather My Children:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\FOYC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\FICTION:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Emerald Coast series:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\emerald 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Christmas through the Year:Roxio EMC Stream

< End of report >

Re: Removed Thinkpoint but still having problem

STILL having MAJOR problems. Can ANYONE help?

Re: Removed Thinkpoint but still having problem

Hello.

  • Download ComboFix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Screenshot: CF_download_FF]

    [Screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [Screenshot: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Re: Removed Thinkpoint but still having problem

From Malwarebytes Anti-Malware:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

10/28/2010 8:10:11 PM
mbam-log-2010-10-28 (20-10-11).txt

Scan type: Quick scan
Objects scanned: 141568
Time elapsed: 12 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Removed Thinkpoint but still having problem

Ran OTL again. Here is OTL.TXT
No Extras.txt

Re: Removed Thinkpoint but still having problem

OTL logfile created on: 10/28/2010 8:33:17 PM - Run 3
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Rick-Temp
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 70.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.78 Gb Total Space | 169.06 Gb Free Space | 72.63% Space Free | Partition Type: NTFS

Computer Name: KATHY-1 | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/28 05:45:52 | 000,864,624 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/10/28 05:45:50 | 001,357,464 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/26 18:16:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Rick-Temp\OTL.exe
PRC - [2008/08/15 11:57:58 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
PRC - [2008/06/24 01:27:40 | 000,025,840 | ---- | M] () -- C:\Program Files\Dell V305\dldtmsdmon.exe
PRC - [2008/06/24 01:26:16 | 000,668,912 | ---- | M] () -- C:\Program Files\Dell V305\dldtmon.exe
PRC - [2008/06/23 22:56:25 | 000,098,304 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe
PRC - [2008/06/23 22:54:59 | 000,020,572 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
PRC - [2008/04/13 19:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldtcoms.exe
PRC - [2007/03/14 19:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 17:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/11/05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006/06/02 04:29:26 | 000,180,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/12/05 15:41:44 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2003/10/03 12:52:50 | 000,061,440 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe


========== Modules (SafeList) ==========

MOD - [2010/10/26 18:16:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Rick-Temp\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/28 05:45:50 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/02/25 11:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\dldtcoms.exe -- (dldt_device)
SRV - [2007/03/14 19:48:56 | 000,116,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 19:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 19:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 17:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 16:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 17:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 17:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2003/10/22 11:19:22 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\rt2870.sys -- (rt2870)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - [2010/10/18 03:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101025.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 03:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101025.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/23 02:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/09/23 02:46:08 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/05/28 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 03:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/17 20:38:32 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/15 19:17:58 | 004,652,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/09/04 19:47:00 | 006,811,904 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/07/30 11:58:56 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/07/30 11:58:54 | 000,054,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/02/12 17:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 17:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/02/09 12:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/10 16:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/07/21 11:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/10/28 11:38:20 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(Linksys A Division of Cisco Systems Inc.)) Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?rs=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {38832FF3-F082-49AD-993F-AACE97E306DD} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www5.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\geBtRhIy: DllName - geBtRhIy.dll - File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kathy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\wvUljKaB) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/23 21:06:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{53e591f0-41ab-11dd-afe5-001ec961e06b}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\{7f0fa1be-b101-11df-b705-001ec961e06b}\Shell - "" = AutoRun
O33 - MountPoints2\{7f0fa1be-b101-11df-b705-001ec961e06b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf0593f3-226a-11df-b5ae-001ec961e06b}\Shell\AutoRun\command - "" = wscript.exe Deploy\Scripts\BDD_AutoRun.wsf
O33 - MountPoints2\{f10742c6-a94d-11dd-b0e9-001ee5dbdecb}\Shell\AutoRun\command - "" = .\MigWiz\migsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/28 05:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Local Settings\Application Data\Sunbelt Software
[2010/10/28 05:36:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/10/27 19:13:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/10/27 19:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/27 19:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/27 19:13:25 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/27 19:13:25 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/27 19:13:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/27 19:13:25 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/27 19:13:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/27 19:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/27 19:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Application Data\Sun
[2010/10/27 18:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/27 17:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/10/25 21:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kathy\Application Data\Malwarebytes
[2010/10/25 21:19:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/25 21:19:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/25 21:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/25 21:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/25 18:56:03 | 000,000,000 | ---D | C] -- C:\Rick-Temp
[2010/10/14 19:17:16 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 19:17:16 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 19:17:09 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2009/08/19 17:05:52 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtusb1.dll
[2009/08/19 17:05:52 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\DLDThcp.dll
[2009/08/19 17:05:52 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtinpa.dll
[2009/08/19 17:05:52 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtiesc.dll
[2009/08/19 17:05:51 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtserv.dll
[2009/08/19 17:05:51 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtpmui.dll
[2009/08/19 17:05:51 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtlmpm.dll
[2009/08/19 17:05:51 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtprox.dll
[2009/08/19 17:05:50 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldthbn3.dll
[2009/08/19 17:05:48 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomc.dll
[2009/08/19 17:05:48 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\dldtcomm.dll
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/28 20:28:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/28 20:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/10/28 19:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/10/28 19:27:13 | 053,179,392 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/10/28 19:27:10 | 024,574,976 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/10/28 19:26:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/10/28 19:24:02 | 000,013,702 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/28 19:24:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/10/28 19:23:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/28 16:28:41 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Kathy\Desktop\Microsoft Word.lnk
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/10/28 08:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/10/28 07:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/10/28 07:13:05 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/10/28 06:47:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/10/28 06:13:12 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/10/28 05:46:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/10/28 05:36:03 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/28 05:36:03 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/10/27 21:13:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/10/27 20:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/10/27 19:13:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/27 19:13:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/27 19:13:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/27 19:13:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/27 19:13:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/27 19:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/10/27 18:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/10/27 17:52:11 | 000,000,063 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2010/10/27 10:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/10/26 17:50:18 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/26 12:13:21 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\completescan
[2010/10/26 11:53:23 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Kathy\Application Data\install
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/10/26 05:49:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 11:38:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/10/25 05:35:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\Backup.job
[2010/10/23 17:46:55 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\October 23.doc
[2010/10/19 11:39:36 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\How to Raise Good Parents.DOC
[2010/10/15 03:57:20 | 000,371,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 21:02:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 11:21:56 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\makepeac.doc
[2010/10/12 20:26:39 | 000,004,672 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\grand canyon.jpg
[2010/10/11 09:40:08 | 003,828,736 | ---- | M] () -- C:\Documents and Settings\Kathy\My Documents\Backing up Kat.doc
[2010/10/07 07:23:38 | 000,010,611 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\school bus.jpg
[2010/10/07 07:00:02 | 000,062,972 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\catherine 2.jpg
[2010/10/07 06:59:51 | 000,070,942 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\catherine bowers.jpg
[2010/10/05 19:11:06 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/05 19:11:06 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/05 17:54:14 | 000,004,287 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\money.jpg
[2010/10/05 17:36:23 | 000,003,901 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\cats on wall.jpg
[2010/10/05 17:35:51 | 000,002,138 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\kittens1.jpg
[2010/10/05 17:35:27 | 000,003,326 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\broken heart.jpg
[2010/10/05 17:34:39 | 000,002,418 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\storm clouds.jpg
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/28 05:36:03 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/10/28 05:36:03 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/10/27 17:52:11 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/10/26 16:32:06 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/26 12:13:21 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\completescan
[2010/10/26 11:53:23 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Kathy\Application Data\install
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/10/26 11:52:37 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/10/26 11:52:37 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/10/25 11:38:20 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/10/23 17:19:22 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\October 23.doc
[2010/10/13 11:21:56 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\makepeac.doc
[2010/10/12 20:26:53 | 000,004,672 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\grand canyon.jpg
[2010/10/11 09:40:08 | 003,828,736 | ---- | C] () -- C:\Documents and Settings\Kathy\My Documents\Backing up Kat.doc
[2010/10/07 07:23:50 | 000,010,611 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\school bus.jpg
[2010/10/07 07:02:04 | 000,062,972 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\catherine 2.jpg
[2010/10/07 07:01:50 | 000,070,942 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\catherine bowers.jpg
[2010/10/05 17:54:27 | 000,004,287 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\money.jpg
[2010/10/05 17:36:34 | 000,003,901 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\cats on wall.jpg
[2010/10/05 17:36:07 | 000,002,138 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\kittens1.jpg
[2010/10/05 17:35:41 | 000,003,326 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\broken heart.jpg
[2010/10/05 17:35:21 | 000,002,418 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\storm clouds.jpg
[2010/08/23 19:38:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/05/18 06:03:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/09/02 20:09:33 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\fusioncache.dat
[2009/08/19 17:08:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldtvs.dll
[2009/08/19 17:08:03 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\dldtcoin.dll
[2009/08/19 17:07:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dldtcaps.dll
[2009/08/19 17:07:27 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\dldtdrs.dll
[2009/08/19 17:07:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldtcnv4.dll
[2009/08/19 17:06:09 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\dldtwupd.dll
[2009/08/19 17:05:53 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\DLDTinst.dll
[2009/08/19 17:05:52 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\dldtutil.dll
[2009/08/19 17:05:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dldtinsb.dll
[2009/08/19 17:05:50 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldtins.dll
[2009/08/19 17:05:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldtjswr.dll
[2009/08/19 17:05:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldtinsr.dll
[2009/08/19 17:05:49 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldtgrd.dll
[2009/08/19 17:05:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldtcub.dll
[2009/08/19 17:05:49 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldtcur.dll
[2009/08/19 17:05:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldtcu.dll
[2009/08/19 17:05:47 | 000,077,906 | ---- | C] () -- C:\WINDOWS\System32\DLDTcfg.dll
[2009/08/01 11:31:36 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\PTfile1.dll
[2008/12/28 13:41:45 | 000,676,743 | -HS- | C] () -- C:\WINDOWS\System32\BaKjlUvw.ini2
[2008/12/28 13:41:45 | 000,676,743 | -HS- | C] () -- C:\WINDOWS\System32\BaKjlUvw.ini
[2008/11/13 20:54:09 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/08/14 17:27:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/07/08 06:14:53 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\FASTWiz.html
[2008/07/08 06:01:59 | 000,105,930 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\FASTWiz.log
[2008/07/07 20:07:18 | 000,150,016 | ---- | C] () -- C:\Documents and Settings\Kathy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/07 18:42:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/06 16:27:36 | 000,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/07/06 16:27:36 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7BF60F020B.sys
[2008/07/06 13:26:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/07/06 13:26:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/06/23 23:36:38 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/06/23 23:36:37 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/23 23:11:50 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/06/23 23:11:50 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/06/23 23:11:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/06/23 23:11:47 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/06/23 23:11:47 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/06/23 22:55:45 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\jst.dll
[2008/06/23 22:55:45 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\PMLJNI.dll
[2008/06/23 22:53:31 | 000,008,134 | ---- | C] () -- C:\WINDOWS\hplj3380.ini
[2008/06/23 22:53:09 | 000,000,375 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2008/06/23 22:52:42 | 000,000,308 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/06/23 22:52:38 | 000,001,005 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2008/06/23 22:52:33 | 000,221,184 | R--- | C] () -- C:\WINDOWS\System32\HP3AIOZ6.dll
[2008/06/23 14:37:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/08/06 18:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/20 20:07:32 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2006/10/20 20:06:44 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2006/10/20 20:03:28 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2006/10/20 19:57:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2006/10/20 19:56:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2006/10/20 19:55:28 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2006/10/20 19:54:42 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2006/10/20 19:48:38 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2006/10/20 19:46:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/09/06 06:13:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcfg.dll
[2003/09/26 07:42:46 | 000,002,421 | ---- | C] () -- C:\WINDOWS\System32\scrubber.ini
[2002/05/03 16:40:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\System32\hppcap.ini
[2001/03/28 12:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/08/24 16:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar
[2010/08/24 16:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivitar Experience Image Manager - Walmart Edition
[2010/10/28 05:36:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/03/08 08:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy\Application Data\Facebook
[2009/08/01 12:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy\Application Data\PictureTrail
[2008/07/20 10:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kathy\Application Data\Snapfish
[2010/10/28 19:26:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/10/27 18:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/10/27 20:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/10/28 19:47:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/26 05:49:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/10/25 11:38:22 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/10/28 06:13:12 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/10/28 08:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/10/27 10:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/10/28 13:17:47 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/27 19:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/10/28 19:23:59 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/10/28 07:13:05 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/10/27 21:13:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/10/28 20:13:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/10/26 11:52:38 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/10/25 11:38:21 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/10/28 06:47:01 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/10/28 05:19:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/10/28 07:47:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/10/25 05:35:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\Backup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Pictures:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Women of the Bible devotions:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\What a Character teen 1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\What a Character Preteen version:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\WEB_PAGE:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\TYLER:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Tidewater Cats:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Teen Bible Book:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Strength for the Day:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Stockings Were Hung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Single Step:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\SEMINARS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Rock Your World:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Roadsigns for Teens:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\RECIPES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Quiz Book for Girls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\PUZZLES:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Print Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Pine Grove Explorer's Club:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Parenting Articles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Organizational:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\On the Homefront:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\My Google Gadgets:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Moving Day Survival Manual:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Manners:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\LABELS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Junior Articles:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Jr High Survival Manual:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\JESSICA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Jasmine:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M The Bible:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M School:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M Family:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\J4M Especially Special Me:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\IDEAS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Home Alone Handbook:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Guy's Bible Book:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Grieving Families:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Gotta Have God 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Geo Club:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Gather My Children:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\FOYC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\FICTION:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Emerald Coast series:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\emerald 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Kathy\My Documents\Christmas through the Year:Roxio EMC Stream

< End of report >

Re: Removed Thinkpoint but still having problem

From Combofix:

ComboFix 10-10-27.A3 - Kathy 10/28/2010 20:54:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3518.2484 [GMT -5:00]
Running from: c:\rick-temp\Combo-Fix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\windows\system32\BaKjlUvw.ini
c:\windows\system32\BaKjlUvw.ini2
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.

2010-10-28 10:42 . 2010-10-28 10:42 -------- d-----w- c:\documents and settings\Kathy\Local Settings\Application Data\Sunbelt Software
2010-10-28 10:36 . 2010-10-28 10:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-28 00:13 . 2010-10-28 00:13 -------- d-----w- c:\windows\Sun
2010-10-28 00:13 . 2010-10-28 00:13 -------- d-----w- c:\program files\Common Files\Java
2010-10-28 00:13 . 2010-10-28 00:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-28 00:13 . 2010-10-28 00:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-28 00:13 . 2010-10-28 00:13 -------- d-----w- c:\program files\Java
2010-10-27 23:55 . 2010-10-27 23:55 -------- d-----w- c:\program files\CCleaner
2010-10-26 02:20 . 2010-10-26 02:20 -------- d-----w- c:\documents and settings\Kathy\Application Data\Malwarebytes
2010-10-26 02:19 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 02:19 . 2010-10-26 22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 02:19 . 2010-10-26 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 02:19 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 23:56 . 2010-10-29 01:45 -------- d-----w- C:\Rick-Temp
2010-10-15 00:17 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 00:17 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 00:17 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 10:46 . 2009-10-28 14:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-23 07:46 . 2009-01-26 12:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-23 07:46 . 2009-01-26 12:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-18 17:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 11:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-15 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-04-09 184320]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2008-06-24 98304]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-05 8466432]
"nwiz"="nwiz.exe" [2007-09-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-05 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-10-28 864624]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-2 180224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell V305\\dldtamon.exe"=
"c:\\Program Files\\Dell V305\\frun.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\WINDOWS\\system32\\dldtcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/26/2009 7:05 AM 64288]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 2:46 AM 1357464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 10:54 PM 102448]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [9/23/2010 2:46 AM 15008]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [8/19/2009 5:08 PM 99568]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/16/2010 6:03 PM 135664]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]
S3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.);c:\windows\system32\drivers\ZD1211BU.sys [6/23/2008 10:12 PM 402432]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder

2010-10-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 10:45]

2009-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 23:03]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-16 23:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?rs=1
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{38832FF3-F082-49AD-993F-AACE97E306DD} - (no file)
Notify-geBtRhIy - geBtRhIy.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-28 21:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1260)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\dldtcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\Dell V305\dldtMsdMon.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-28 21:08:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-29 02:08

Pre-Run: 182,000,250,880 bytes free
Post-Run: 196,978,823,168 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 7A10DB27B95E551FE43B248D13BF377C

Re: Removed Thinkpoint but still having problem

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


Re: Removed Thinkpoint but still having problem

Done and Done.

From ESET:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=e5d5d3d67ae32a4b84e9b9151c88be5f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-29 11:52:41
# local_time=2010-10-29 06:52:41 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=77270
# found=0
# cleaned=0
# scan_time=1787

Re: Removed Thinkpoint but still having problem

How is the machine running now?


Re: Removed Thinkpoint but still having problem

Different problems. Pop-ups EVERYWHERE. Checked P/U blocker settings and changed them. Getting google-analytics constantly.

Any suggestions?

Re: Removed Thinkpoint but still having problem

Please re-run Combofix and post the new Combofix log.


Re: Removed Thinkpoint but still having problem

I will try that tomorrow if there are still problems.
I saw your posts to Squidly about the redirect trojan he is getting. I followed those instructions (making small changes in the fix.bat file). It APPEARS that it has worked. I am ASSUMING the problem is solved. Dangerous I know.

Thank you for your assistance.

Re: Removed Thinkpoint but still having problem

Like I said. I ASSUMED!

Re: Removed Thinkpoint but still having problem

Re-ran Combo-fix.
Here is output:
ComboFix 10-10-31.01 - Kathy 10/31/2010 18:15:08.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3518.2520 [GMT -5:00]
Running from: c:\documents and settings\Kathy\Desktop\Combo-Fix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Kathy\Application Data\completescan
c:\documents and settings\Kathy\Application Data\install

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-31 21:01 . 2010-10-31 21:01 3896823 ----a-w- c:\temp\Combo-Fix.exe
2010-10-31 02:47 . 2010-09-01 20:33 83968 ----a-w- c:\temp\bootkit_remover\remover.exe
2010-10-29 23:19 . 2010-10-29 23:19 -------- d-----w- c:\program files\ESET
2010-10-29 01:50 . 2010-10-29 02:08 -------- d-----w- C:\Combo-Fix
2010-10-28 10:42 . 2010-10-28 10:42 -------- d-----w- c:\documents and settings\Kathy\Local Settings\Application Data\Sunbelt Software
2010-10-28 10:36 . 2010-10-28 10:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-10-28 00:13 . 2010-10-28 00:13 -------- d-----w- c:\windows\Sun
2010-10-28 00:13 . 2010-10-28 00:13 -------- d-----w- c:\program files\Common Files\Java
2010-10-28 00:13 . 2010-10-28 00:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-28 00:13 . 2010-10-28 00:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-28 00:13 . 2010-10-28 00:13 -------- d-----w- c:\program files\Java
2010-10-27 23:55 . 2010-10-27 23:55 -------- d-----w- c:\program files\CCleaner
2010-10-26 02:20 . 2010-10-26 02:20 -------- d-----w- c:\documents and settings\Kathy\Application Data\Malwarebytes
2010-10-26 02:19 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-26 02:19 . 2010-10-26 22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 02:19 . 2010-10-26 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-26 02:19 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-25 23:56 . 2010-10-31 21:00 -------- d-----w- C:\Rick-Temp
2010-10-15 00:17 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 00:17 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 00:17 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-28 10:46 . 2009-10-28 14:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-23 07:46 . 2009-01-26 12:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-23 07:46 . 2009-01-26 12:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-18 17:23 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-02-28 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-02-28 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-02-28 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 13:38 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 13:38 . 2006-02-28 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2010-09-09 13:38 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-09 13:38 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2010-09-08 15:57 . 2006-02-28 12:00 389120 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2006-02-28 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-02-28 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-02-28 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-02-28 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-15 11:08 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2006-02-28 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2006-02-28 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-15 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2003-10-03 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-04-09 184320]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe" [2008-06-24 98304]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-05 8466432]
"nwiz"="nwiz.exe" [2007-09-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-05 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-10-28 864624]
"dldtmon.exe"="c:\program files\Dell V305\dldtmon.exe" [2008-06-24 668912]
"dldtamon"="c:\program files\Dell V305\dldtamon.exe" [2008-06-24 16624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-2 180224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell V305\\dldtamon.exe"=
"c:\\Program Files\\Dell V305\\frun.exe"=
"c:\\Program Files\\Dell V305\\dldtmon.exe"=
"c:\\WINDOWS\\system32\\dldtcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldttime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldtjswx.exe"=
"c:\\WINDOWS\\system32\\dldtcoms.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/26/2009 7:05 AM 64288]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/23/2010 2:46 AM 1357464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 10:54 PM 102448]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [9/23/2010 2:46 AM 15008]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [8/19/2009 5:08 PM 99568]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]
S3 ZD1211BU(Linksys A Division of Cisco Systems Inc.);Linksys Wireless-G USB Network Adapter Driver(Linksys A Division of Cisco Systems Inc.);c:\windows\system32\drivers\ZD1211BU.sys [6/23/2008 10:12 PM 402432]
.
Contents of the 'Scheduled Tasks' folder

2010-10-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 10:45]

2009-11-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?rs=1
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-10-31 18:20:42
ComboFix-quarantined-files.txt 2010-10-31 23:20
ComboFix2.txt 2010-10-29 02:08

Pre-Run: 201,016,299,520 bytes free
Post-Run: 201,010,221,056 bytes free

- - End Of File - - 0D05AF40589F9F71F8A2ADA4FCFB5D21

Re: Removed Thinkpoint but still having problem
Still having problems now?

Re: Removed Thinkpoint but still having problem
Yep!

Re: Removed Thinkpoint but still having problem
Getting pop-ups. Pop-up blocker settings show Popupmgr is getting put into the allowed sites. I had high security set. It turns the blocker off.

Re: Removed Thinkpoint but still having problem
Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.

Re: Removed Thinkpoint but still having problem
Here it is:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1525
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 180):

Processes (total 107):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-75ZCT2, Rev: 11.01A11

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Re: Removed Thinkpoint but still having problem
Bump

Re: Removed Thinkpoint but still having problem
I am still having problems. I have three computers with this problem.
Can SOMEONE help me?

Re: Removed Thinkpoint but still having problem
Hmm, I think your router may be hijacked then if all 3 machines have the same problem. The only way to fix this is a manual restore to factory default.

Re: Removed Thinkpoint but still having problem
How do I do that?

Re: Removed Thinkpoint but still having problem
Never mind. I decided to RTFB.

Re: Removed Thinkpoint but still having problem
By the way, that seems to have worked. I never changed the ADMIN p/w - what a rookie mistake! 20 years working on computers and I make that mistake.

Thanks for the help!

Re: Removed Thinkpoint but still having problem
Hehe, no problem.

Re: Removed Thinkpoint but still having problem
YOU DA MAN! Thanks again
