Search redirect problem, ComboFix didn't work (log incl)

 
  

kolombok
Joined: Aug 17, 2009
Posts: 2

PostPosted: Mon Aug 17, 2009 2:23 am    Post subject: Search redirect problem, ComboFix didn't work (log incl)

I have the search redirect virus. I've tried Malwarebytes, have Symantec installed, Ad-Aware also didn't find anything, and ComboFix didn't fix the issue. When I tried to fix the O2 problem (urlredirect) it shows up again after a rescan. I'm running out of options. Please help...
Here's the HijackThis log followed by the ComboFix log.
Logfile of HijackThis v1.99.1
Scan saved at 01:19:55, on 8/17/2009
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\System32\winauc.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kolombok\Desktop\Hijack\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [pr0xy x] C:\Windows\System32\winauc.exe
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: S&end to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: AntipyProex (AntipPro2009_100) - Unknown owner - C:\Windows\svchast.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Combofix.log
ComboFix 09-08-10.06 - Kolombok 08/17/2009 0:34.1.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1251.7.1033.18.2045.1272 [GMT -5:00]
Running from: c:\users\Kolombok\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500
c:\windows\Installer\2b5a67c.msi
c:\windows\Installer\e4d169.msi

.
((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))
.

2009-08-17 05:41 . 2009-08-17 05:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-17 01:13 . 2009-08-17 01:13 -------- d-----w- c:\program files\Uplink
2009-08-17 00:54 . 2009-08-17 00:12 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-17 00:12 . 2009-08-17 00:12 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-17 00:12 . 2009-08-17 00:11 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-17 00:04 . 2009-08-17 00:04 -------- dc-h--w- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-08-17 00:04 . 2009-08-17 00:12 -------- d-----w- c:\progra~2\Lavasoft
2009-08-17 00:04 . 2009-08-17 00:04 -------- d-----w- c:\program files\Lavasoft
2009-08-16 22:09 . 2009-08-16 23:09 -------- d-----w- C:\Downloads
2009-08-16 21:46 . 2009-08-16 21:46 -------- d-----w- c:\users\Kolombok\AppData\Roaming\Malwarebytes
2009-08-16 21:46 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-16 21:45 . 2009-08-16 21:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-16 21:45 . 2009-08-16 21:45 -------- d-----w- c:\progra~2\Malwarebytes
2009-08-16 21:45 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-16 21:31 . 2009-08-16 21:31 -------- d-----w- C:\_OTM
2009-08-16 06:31 . 2009-08-16 06:31 44820 ----a-w- c:\windows\system32\winauc.exe
2009-08-16 06:30 . 2009-08-16 06:30 8704 ----a-w- c:\windows\system32\SpOrder.dll
2009-08-16 06:30 . 2009-08-16 06:30 73728 ----a-w- c:\windows\system32\VistaInfo32.dll
2009-08-16 02:35 . 2009-08-16 02:39 -------- d-----w- c:\program files\CyberLink
2009-08-15 23:26 . 2009-08-15 23:26 -------- d-----w- c:\users\Kolombok\AppData\Roaming\VistaCodecs
2009-08-15 23:25 . 2009-08-15 23:26 -------- d-----w- c:\program files\VistaCodecPack
2009-08-15 23:25 . 2009-08-15 23:26 -------- d-----w- c:\progra~2\VistaCodecs
2009-08-15 23:21 . 2009-08-15 23:21 -------- d-----w- c:\users\Kolombok\AppData\Local\Cyberlink
2009-08-15 23:15 . 2009-08-15 23:15 -------- d-----w- c:\users\Public\CyberLink
2009-08-15 23:15 . 2009-08-15 23:15 -------- d-----w- c:\users\Kolombok\AppData\Local\PowerDVDCox
2009-08-15 23:15 . 2009-08-15 23:15 -------- d-----w- c:\users\Kolombok\AppData\Local\PowerDVDCinema
2009-08-15 23:15 . 2009-08-15 23:15 -------- d-----w- c:\users\Kolombok\AppData\Roaming\CyberLink
2009-08-15 23:13 . 2009-08-16 02:40 -------- d-----w- c:\progra~2\CyberLink
2009-08-15 23:12 . 2009-08-15 23:12 -------- d-----w- c:\program files\Common Files\CyberLink
2009-08-15 23:08 . 2009-08-16 04:42 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-08-15 22:28 . 2009-08-15 22:28 -------- d-----w- c:\users\Kolombok\AppData\Roaming\Leadertech
2009-08-15 02:57 . 2009-08-15 02:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-15 02:52 . 2009-02-12 09:35 38208 ----a-w- c:\users\Kolombok\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-15 02:52 . 2009-08-15 02:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-15 02:50 . 2009-08-15 02:58 -------- d-----w- c:\users\Kolombok\AppData\Local\Adobe
2009-08-15 02:49 . 2009-08-15 12:33 -------- d-----w- c:\progra~2\NOS
2009-08-15 02:21 . 2007-08-31 00:57 14208 ----a-w- c:\windows\system32\drivers\CmBatt.sys
2009-08-15 02:20 . 2008-08-28 03:24 712192 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-08-15 02:20 . 2008-08-28 03:24 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-08-15 02:20 . 2008-08-28 03:24 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-08-15 02:20 . 2007-05-04 00:31 53760 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2009-08-15 02:20 . 2008-10-21 05:16 1645568 ----a-w- c:\windows\system32\connect.dll
2009-08-15 02:20 . 2007-01-26 03:00 974336 ----a-w- c:\windows\system32\crypt32.dll
2009-08-13 23:49 . 2009-08-13 23:49 -------- d-----w- c:\users\Kolombok\AppData\Local\Oberon Games
2009-08-13 17:16 . 2009-06-10 12:16 156160 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 17:16 . 2009-06-04 12:43 1871872 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 17:16 . 2009-06-04 12:47 36352 ----a-w- c:\windows\system32\tsgqec.dll
2009-08-13 17:16 . 2009-06-04 12:36 116736 ----a-w- c:\windows\system32\aaclient.dll
2009-08-13 17:16 . 2009-07-14 13:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 17:16 . 2009-07-14 13:00 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 17:16 . 2009-07-14 13:01 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 17:16 . 2009-07-14 11:11 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-13 06:53 . 2009-08-13 06:53 -------- d-----w- c:\users\Kolombok\AppData\Roaming\Foxit
2009-08-13 06:53 . 2009-08-15 02:48 -------- d-----w- c:\program files\Foxit Software
2009-08-13 04:47 . 2009-07-17 14:52 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 04:47 . 2009-06-10 12:10 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-08-13 04:47 . 2009-06-10 12:10 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-08-13 04:47 . 2009-06-10 12:09 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-08-13 04:47 . 2009-06-10 12:07 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-08-13 04:47 . 2009-06-10 12:04 88576 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 04:47 . 2009-06-10 12:04 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-08-12 05:55 . 2009-08-12 05:55 -------- d-----w- c:\users\Kolombok\AppData\Roaming\blg
2009-08-12 05:55 . 2009-08-12 05:55 -------- d-----w- c:\progra~2\blg
2009-08-12 05:51 . 2009-08-12 05:51 -------- d-----w- c:\progra~2\Reflexive
2009-08-12 05:26 . 2009-08-12 05:51 -------- d-----w- c:\program files\Bejeweled Twist
2009-08-12 05:26 . 2009-08-12 05:26 -------- d-----w- c:\program files\ReflexiveArcade
2009-08-12 04:20 . 2009-08-12 04:20 -------- d-----w- c:\program files\Microsoft Synchronization Services
2009-08-12 04:19 . 2009-08-12 04:19 -------- d-----w- c:\windows\PCHEALTH
2009-08-12 04:19 . 2009-08-12 04:19 -------- d-----w- c:\program files\Microsoft.NET
2009-08-12 04:19 . 2009-08-12 04:19 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-08-12 04:17 . 2009-08-12 04:17 -------- d-----w- c:\program files\Microsoft Analysis Services
2009-08-12 04:16 . 2009-08-12 04:16 -------- d-----w- c:\users\Kolombok\AppData\Local\Microsoft Help
2009-08-12 04:15 . 2009-08-12 04:22 -------- d-----w- c:\progra~2\Microsoft Help
2009-08-12 04:15 . 2009-08-12 04:15 -------- d--h--r- C:\MSOCache
2009-08-12 03:48 . 2009-08-12 03:48 -------- d-----w- c:\program files\Java
2009-08-11 21:19 . 2009-08-12 03:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 23:50 . 2009-08-17 02:51 -------- d-----w- c:\program files\ArtMoney
2009-08-10 20:07 . 2009-08-10 20:07 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-10 20:07 . 2009-08-13 06:46 -------- d-----w- c:\users\Kolombok\AppData\Roaming\Winamp
2009-08-10 20:07 . 2009-08-10 20:10 -------- d-----w- c:\program files\Winamp
2009-08-10 05:28 . 2009-08-10 05:28 -------- d-----w- c:\program files\Car Thief 6 Full
2009-08-10 05:12 . 2009-08-10 05:13 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-10 05:11 . 2007-03-22 03:33 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2009-08-10 05:11 . 2007-03-22 03:33 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2009-08-10 05:11 . 2007-03-22 03:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-08-10 05:11 . 2009-08-10 05:14 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-10 05:11 . 2009-08-10 05:13 -------- d-----w- c:\program files\Symantec
2009-08-10 04:38 . 2009-08-10 04:38 268800 ----a-w- c:\windows\system32\es.dll
2009-08-10 04:19 . 2009-08-10 04:19 -------- d-----w- c:\windows\system32\chm
2009-08-10 03:43 . 2009-08-10 03:46 -------- d-----w- c:\users\Kolombok\AppData\Local\Deployment
2009-08-10 03:43 . 2009-08-10 03:43 -------- d-----w- c:\users\Kolombok\AppData\Local\Apps
2009-08-10 03:22 . 2009-08-10 05:14 -------- d-----w- c:\progra~2\Symantec
2009-08-10 03:13 . 2009-08-10 03:21 -------- d-----w- c:\users\Kolombok\AppData\Local\Tific
2009-08-10 03:13 . 2009-08-10 03:13 -------- d-----w- c:\users\Kolombok\AppData\Roaming\Tific
2009-08-10 03:13 . 2009-08-10 05:14 -------- d-----w- c:\users\Kolombok\AppData\Local\Symantec
2009-08-10 03:11 . 2009-08-10 03:11 -------- d-----w- c:\windows\system32\drivers\NIS
2009-08-10 03:11 . 2009-08-10 04:31 -------- d-----w- c:\progra~2\Norton
2009-08-10 03:11 . 2009-08-10 03:11 -------- d-----w- c:\progra~2\NortonInstaller
2009-08-09 17:49 . 2007-05-07 00:11 94208 ----a-w- c:\windows\system32\stacsv.exe
2009-08-09 17:49 . 2007-04-11 01:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2009-08-09 17:48 . 2007-05-07 00:11 144896 ----a-w- c:\windows\system32\staco.dll
2009-08-09 17:48 . 2009-08-09 17:48 -------- d-----w- c:\program files\SigmaTel
2009-08-09 17:48 . 2007-05-07 00:12 326656 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-08-09 17:48 . 2007-05-07 00:11 326144 ----a-w- c:\windows\system32\stcplx.dll
2009-08-09 17:48 . 2007-05-07 00:11 587776 ----a-w- c:\windows\system32\stapo.dll
2009-08-09 17:48 . 2007-05-07 00:10 244736 ----a-w- c:\windows\system32\stapi32.dll
2009-08-09 17:48 . 2007-03-05 21:05 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-08-09 17:48 . 2007-03-05 21:05 492544 ----a-w- c:\windows\system32\ctapo32.dll
2009-08-09 16:53 . 2009-08-09 16:53 -------- d-----w- c:\users\Kolombok\AppData\Roaming\Creative
2009-08-09 16:52 . 2009-08-09 23:26 -------- d-----w- c:\users\Kolombok\AppData\Roaming\skypePM
2009-08-09 10:17 . 2009-08-09 10:17 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-08-09 10:17 . 2009-08-09 10:17 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-08-09 10:17 . 2009-08-09 10:17 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-08-09 10:17 . 2009-08-09 10:17 272896 ----a-w- c:\windows\system32\polstore.dll
2009-08-09 10:17 . 2009-08-09 10:17 87040 ----a-w- c:\windows\system32\msoert2.dll
2009-08-09 10:17 . 2009-08-09 10:17 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2009-08-09 10:17 . 2009-08-09 10:17 205824 ----a-w- c:\windows\system32\msoeacct.dll
2009-08-09 10:17 . 2009-08-09 10:17 194560 ----a-w- c:\windows\system32\WebClnt.dll
2009-08-09 10:17 . 2009-08-09 10:17 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2009-08-09 10:16 . 2009-08-09 10:16 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-08-09 10:16 . 2009-08-09 10:16 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-09 10:16 . 2009-08-09 10:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-08-09 10:16 . 2009-08-09 10:16 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-09 10:16 . 2009-08-09 10:16 24064 ----a-w- c:\windows\system32\lpk.dll
2009-08-09 10:16 . 2009-08-09 10:16 156160 ----a-w- c:\windows\system32\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 04:52 . 2009-08-10 04:32 102548 ----a-w- c:\progra~2\nvModes.dat
2009-08-16 20:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-16 20:37 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-16 02:38 . 2009-08-09 05:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-15 10:09 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-15 10:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-12 04:47 . 2009-08-09 02:16 100256 ----a-w- c:\users\Kolombok\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-10 05:13 . 2009-08-10 05:12 10671 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-10 05:13 . 2009-08-10 05:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-09 16:52 . 2009-08-09 16:52 56 ---ha-w- c:\progra~2\ezsidmv.dat
2009-08-09 16:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-09 07:56 . 2009-08-09 07:56 1793536 ----a-w- c:\windows\system32\NlsLexicons0045.dll
2009-08-09 07:53 . 2009-08-09 07:53 944184 ----a-w- c:\windows\system32\winload.exe
2009-08-09 05:05 . 2009-08-09 02:16 680 ----a-w- c:\users\Kolombok\AppData\Local\d3d9caps.dat
2009-07-21 21:52 . 2009-08-13 04:52 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-13 04:52 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-13 04:52 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-13 04:52 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-06 19:21 . 2009-07-06 19:21 1003520 ----a-w- c:\windows\system32\VSFilter.dll
2009-06-27 20:56 . 2009-06-27 20:56 1064280 ----a-w- c:\windows\system32\WebServices.dll
2009-06-03 01:11 . 2009-06-03 01:11 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-29 23:52 . 2009-05-29 23:52 204800 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-29 23:47 . 2009-05-29 23:47 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-08-09 07:30 . 2008-10-31 00:34 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2007-02-21 19:48 . 2007-02-21 19:48 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-06-27 21:05 739704 ----a-w- c:\progra~1\MICROS~1\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-08-09 1232896]
"pr0xy x"="c:\windows\System32\winauc.exe" [2009-08-16 44820]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-02 36864]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-05-07 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-01-30 96800]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-02-12 115560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 148888]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-06-27 58232]
"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-06 75048]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-08-17 520024]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-15 130864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OfficeSAS.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
backup=c:\windows\pss\OfficeSAS.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{797B1CBC-08ED-47BE-AE6D-26E12A41556B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{FB2AE699-0E13-4830-BCA6-EFDCF414E89D}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{C26037EE-DC6A-4EB1-980A-FCA44189B8F0}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe:SMC Service
"{AEB5E600-C370-46BA-8904-7231AD5973A6}"= UDP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{3F6EEAE2-D20C-4278-ADB1-C269DC9B2840}"= TCP:c:\program files\Symantec\Symantec Endpoint Protection\SNAC.EXE:SNAC Service
"{32D2B349-AD1A-4EA1-83D3-E4204F13286B}"= UDP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{BF7C75B0-F3D2-4F6B-8E2A-B9759C644B22}"= TCP:c:\program files\Common Files\Symantec Shared\ccApp.exe:Symantec Email
"{C43D34CB-17C6-456E-B31F-75D83FDD7D1C}"= UDP:c:\program files\Microsoft Office\Office14\ONENOTE.EXE:Microsoft Office OneNote
"{21F3EF71-369B-42F4-B1DE-472E6CC9AE3B}"= TCP:c:\program files\Microsoft Office\Office14\ONENOTE.EXE:Microsoft Office OneNote
"{E35C3EBD-925D-4D63-8D45-BACAEF688074}"= TCP:6004|c:\program files\Microsoft Office\Office14\outlook.exe:Microsoft Office Outlook
"{E2A8D447-1B13-452D-A558-640E9FD7F884}"= c:\program files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe:CyberLink PowerDVD 9.0
"{60A1E906-5AE4-4808-A8BD-62A4D1301E1B}"= c:\program files\CyberLink\PowerDVD9\PowerDVD9.EXE:CyberLink PowerDVD 9.0

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [8/16/2009 19:12 64160]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/15 21:39];c:\program files\CyberLink\PowerDVD9\000.fcl [8/5/2009 22:58 87536]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 18:08 182576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 14:06 1029456]
R2 osppsvc;Office Software Protection Platform;c:\windows\System32\OSPPSVC.EXE [4/8/2009 17:37 4319136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/10/2009 00:13 101936]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [8/9/2009 00:26 234496]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [8/9/2009 00:26 7424]
S2 AntipPro2009_100;AntipyProex;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [11/18/2008 20:17 23888]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [8/16/2009 16:46 38160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: S&end to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Kolombok\AppData\Roaming\Mozilla\Firefox\Profiles\p0go1i97.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 00:50
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\System32\wlanext.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\stacsv.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-08-17 0:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-17 05:56

Pre-Run: 165,438,668,800 bytes free
Post-Run: 162,674,937,856 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
363 --- E O F --- 2009-08-16 08:02
greyknight17
Joined: Feb 03, 2003
Posts: 5674
Location: Brooklyn, NY
PostPosted: Mon Aug 17, 2009 7:28 pm    Post subject:

Welcome to Lockergnome.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:
Quote:
Driver::
AntipPro2009_100
File::
c:\windows\System32\winauc.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pr0xy x"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.
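The CFScript above is a small directive file: each `Name::` header opens a section, and the `Registry::` section uses .reg-file syntax, where `[key]` selects a key and `"name"=-` deletes a value. Because such scripts are routinely pasted from forum threads and then run with full privileges, it is worth being able to read one back as a list of concrete actions before feeding it to the tool. The parser below is an added example, not code from the thread or from ComboFix; the sample script is constructed from the directives quoted in the post, and the interpretation of `Driver::` as "stop and remove the named service" and `File::` as "delete the file" is my assumption about the tool's behaviour, not something the page states.

```python
"""Turn a ComboFix-style CFScript into a reviewable list of actions (added example)."""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the same three directives quoted in greyknight17's post.
SAMPLE_CFSCRIPT = r"""Driver::
AntipPro2009_100
File::
c:\windows\System32\winauc.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pr0xy x"=-
"""

Action = Tuple[str, str, Optional[str]]   # (verb, target, detail)

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")       # e.g. "Registry::"
REG_KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")       # "[key]" or "[-key]" (delete key)
REG_VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')      # "name"=data, where data "-" means delete


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split the script into sections keyed by header name, dropping blank lines."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line before any section header: {line!r}")
        sections[current].append(line)
    return sections


def registry_actions(lines: List[str]) -> List[Action]:
    """Interpret .reg syntax: [key] opens a key, [-key] deletes it,
    "name"=- deletes a value under the open key, "name"=data sets it."""
    actions: List[Action] = []
    key: Optional[str] = None
    for line in lines:
        key_match = REG_KEY_RE.match(line)
        if key_match:
            key = key_match.group(2)
            if key_match.group(1) == "-":
                actions.append(("delete_key", key, None))
            continue
        value_match = REG_VALUE_RE.match(line)
        if value_match and key is not None:
            name, data = value_match.groups()
            if data == "-":
                actions.append(("delete_value", key, name))
            else:
                actions.append(("set_value", key, f"{name}={data}"))
            continue
        raise ValueError(f"unrecognised registry line: {line!r}")


    return actions


def plan(text: str) -> List[Action]:
    """Flatten a script into verbs a reviewer can sanity-check one by one.
    Assumption: Driver:: entries are services to stop and remove, File:: entries
    are paths to delete. Sections this example does not model are reported, not dropped."""
    sections = parse_cfscript(text)
    actions: List[Action] = []
    for driver in sections.get("Driver", []):
        actions.append(("stop_and_delete_driver", driver, None))
    for path in sections.get("File", []):
        actions.append(("delete_file", path, None))
    actions.extend(registry_actions(sections.get("Registry", [])))
    for name in sections:
        if name not in ("Driver", "File", "Registry"):
            actions.append(("unhandled_section", name, None))
    return actions


if __name__ == "__main__":
    for verb, target, detail in plan(SAMPLE_CFSCRIPT):
        print(f"{verb:24} {target}" + (f"  [{detail}]" if detail else ""))
```

Run against the sample, `plan()` yields three actions: remove the `AntipPro2009_100` driver, delete `c:\windows\System32\winauc.exe`, and delete the `pr0xy x` value from the current user's `Run` key. Reviewing a script in that form makes it obvious when a pasted line would, say, delete a whole key instead of one value, which is the mistake the `[-key]` versus `"name"=-` distinction invites.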
kolombok
Joined: Aug 17, 2009
Posts: 2
PostPosted: Wed Aug 26, 2009 11:32 am    Post subject:

I went ahead and reinstalled Windows, couldn't wait for the reply. But thank you for your help, I hope it will help someone else...
greyknight17
Joined: Feb 03, 2003
Posts: 5674
Location: Brooklyn, NY
PostPosted: Thu Aug 27, 2009 8:32 pm    Post subject:

No problem. Hope everything is running normally again now.

Topic will be locked since issue is resolved.