Infection created another user in safe mode


  • This topic is locked
69 replies to this topic

#1 hamdog1


Posted 02 September 2010 - 03:11 PM

My computer has been infected by something, and none of the anti-virus or anti-malware programs seem to be able to find it. But I keep getting messages that there is another user lurking on my computer somewhere.

A Norton 360 full scan detects no threats. Spybot detects nothing and neither does ad-aware. SuperAntiSpyware only scans part of the registry, and then speeds up dramatically and doesn't register that it scans any part of the registry after about item 1860. It speeds through the rest of the registry check (it takes about 45 seconds) and then starts working again when it scans files. At the end, all it detected was a tracking cookie from bleeping computer.com.

Here are the symptoms I know of:

When I start up in safe mode, it asks me if I want to log in as owner or administrator. I can get into Administrator, but there are almost no programs running and only non-operational images of anti-virus/malware programs available. When I open control panel (both in safe mode and normal) it shows only one user and a guest account that is not operational.

Just recently I've gotten a few messages about IP address conflicts and, when I shut down, I sometimes get a message that there's another user logged in and they will lose data when I shut down.

The scan I did for this post shows a site called rbs.com/usgateway2 as a trusted site for internet searches. I didn't put that site there, and I'm sure I removed it a few days ago when I was trying to clean up the list. (Since the scan, I have removed it from the trusted site list and tried to block that site by typing it in the blocked sites list, but IE won't let me because it says it's listed somewhere else. I was able to get it to put *.rbs.com in the list of sites to block, but I don't know if it will override it).

I was able to get the first two items that the bleepingcomputer guide asked for (dds and attach). However the gmer program didn't act like it was supposed to. When I extracted the files, the program automatically ran. I wasn't able to uncheck any boxes. It zipped through the analysis in 20-30 seconds. When I tried to save to the desktop, the txt file wouldn't appear. I was able to find it by doing a search of the .txt files, but when I tried to drag it to the desktop, Windows gave me a message that it was already there. (It may be, but it's invisible). I tried to name it something else, but that didn't work either, so I've had to cut and paste after opening from the search window.

I'll both apologize and warn you up front. After doing much research, I realize I didn't have adequate security or software on the computer until now. I only installed Norton 360 a few days ago, and it said that I had way too many programs on the computer. I've removed a lot of them, and it has speeded up the computer a lot. I've also installed and uninstalled a number of anti-spyware anti-malware programs in the last few days. I hope that won't complicate things too much. The only action I've taken since the scans I'm attaching was what I described above... to try to block that rbs website through Internet Explorer's security options. I promise to resist doing anything else till I hear from you. Thank you in advance.

DDS:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 11:29:50.68 on Thu 09/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.138 [GMT -5:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============


C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton Security Suite\Engine\4.0.0.127\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\BleepingLog.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://srch-us4.hpwis.com/
uWindow Title = Microsoft Internet Explorer provided by Comcast
mSearch Bar = hxxp://srch-us4.hpwis.com/
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = localhost
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.0.0.127\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.0.0.127\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.0.0.127\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C6139A57-16FB-4FA4-8045-A847FBFFD695} - No File
TB: {08FCF7E3-5F7D-444E-8554-76A516EB3C6C} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [<NO NAME>] "c:\program files\internet explorer\iexplore.exe" http://www.symantec.com/techsupp/servlet/P...000097.000001cd
mRun: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
mRun: [KBD] "c:\hp\kbd\KBD.EXE"
mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
mRun: [S3TRAY2] "c:\windows\system32\S3tray2.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [HPDJ Taskbar Utility] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe"
mRun: [HPHmon03] "c:\windows\system32\hphmon03.exe"
mRun: [CXMon] "c:\program files\hewlett-packard\photosmart\photo imaging\Hpi_Monitor.exe"
mRun: [USSShReg] "c:\progra~1\uleads~1\uleadp~1.2\ssaver\Ussshreg.exe" /r
mRun: [SM1BG] "c:\windows\SM1BG.EXE"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [QD FastAndSafe]
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PS2] "c:\windows\system32\ps2.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpcent~1.lnk - c:\program files\hp center\137903\program\BackWeb-137903.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/
IE: {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/
IE: {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: rbs.com\usgateway2
DPF: Blackjack Carnival by pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/vbjack2/vbjack2-en_US.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Sweet Tooth 2 by Pogo - hxxp://game3.pogo.com/v/9.2.0.14/applet/sweettooth2/sweettooth2-en_US.cab
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {01118400-3E00-11D2-8470-0060089874ED} - hxxp://activex.microsoft.com/objects/ocget.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://java.auburncc.org/Citrix/MetaFrame/ICAWEB_common/en/ica32/wficat.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.eoutage.com/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260885638218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260885620921
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37606.2555671296
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\6uk4433b.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-9-2 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-9-2 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-10 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-9-2 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-9-2 116784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-31 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100830.002\IDSXpx86.sys [2010-9-2 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100902.004\NAVENG.SYS [2010-9-2 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100902.004\NAVEX15.SYS [2010-9-2 1362608]
RUnknown SASDIFSV;SASDIFSV; [x]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-18 135664]
S4 NAVAP;NAVAP;\??\c:\windows\system32\drivers\navap.sys --> c:\windows\system32\drivers\NAVAP.SYS [?]

=============== Created Last 30 ================

2010-09-02 15:26:42 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-09-02 15:26:28 0 d-----w- c:\program files\SUPERAntiSpyware
2010-08-31 18:16:48 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-08-31 18:16:47 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-31 18:15:37 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-31 18:15:37 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-31 18:15:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-31 18:15:37 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-31 18:11:57 0 d-----w- c:\windows\system32\drivers\N360
2010-08-31 18:11:35 0 d-----w- c:\program files\Norton Security Suite
2010-08-30 18:51:27 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-08-30 16:17:07 1185 ----a-w- c:\windows\Pltwty01.ini
2010-08-28 17:13:28 0 d-----w- c:\program files\Trend Micro
2010-08-26 15:20:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-08-26 15:20:34 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-23 14:50:19 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-08-23 14:48:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 14:48:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-23 14:48:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-23 14:48:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-22 22:02:55 677 ----a-w- c:\windows\wininit.ini
2010-08-22 18:54:39 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-22 18:54:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-08-21 19:55:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-21 19:54:42 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-08-21 19:54:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-08-21 19:51:53 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-21 19:47:31 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-21 19:44:35 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-08-21 19:44:35 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-08-21 19:44:12 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-08-21 19:40:24 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-08-21 19:38:22 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-08-21 19:34:58 1089593 ------w- c:\windows\system32\dllcache\ntprint.cat
2010-08-21 19:33:56 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-08-21 19:33:40 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-08-21 19:31:13 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-08-21 19:31:04 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-08-21 12:04:06 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

==================== Find3M ====================

2010-09-02 14:51:44 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 22:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-19 03:18:10 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2008-10-21 21:12:49 0 ----a-w- c:\program files\temp01
2003-08-27 19:19:18 36963 ----a-r- c:\program files\common files\SM1updtr.dll
2001-07-22 02:45:40 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2003-08-27 20:42:26 32 --sha-w- c:\windows\{B094B878-9365-43A1-A258-CFAB7F0FF98D}.dat
2003-08-27 20:42:26 32 --sha-w- c:\windows\{BC547B02-B528-4971-9BB3-1F8AF8CB0B58}.dat
2003-08-27 20:42:26 32 --sha-w- c:\windows\{BF595EC2-EF5D-4D39-B5EB-CDFF7DFC7AB2}.dat
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
2003-08-27 20:42:26 32 --sha-w- c:\windows\system32\{16B2057D-51A7-4B4A-B0FC-4186B78F262F}.dat
2003-08-27 20:42:26 32 --sha-w- c:\windows\system32\{238B100F-E525-490F-B08A-67878DA7EA76}.dat
2003-08-27 20:42:26 32 --sha-w- c:\windows\system32\{89C44107-1687-444F-81CE-731968B75B36}.dat

============= FINISH: 11:32:48.79

This is the best I could get with GMER.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-02 13:48:33
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pwldapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----



#2 etavares

  • Malware Response Team

Posted 11 September 2010 - 06:58 PM

Hello and welcome to Bleeping Computer

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT
  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


In your reply, please post both OTL logs.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 hamdog1

  • Topic Starter

Posted 13 September 2010 - 04:50 PM

Dear Etavares,

Thank you for responding and being willing to help. Here are the two files you requested.

Hamdog1


OTL Extras logfile created on: 9/13/2010 3:27:19 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 133.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.67 Gb Total Space | 40.95 Gb Free Space | 57.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-67682326-2008529862-3894602836-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\PROGRA~1\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\hp center\137903\Program\BackWeb-137903.exe" = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- ()
"C:\Program Files\support.com\bin\tgcmd.exe" = C:\Program Files\support.com\bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1E6ADBB1-4D4E-4A02-A269-75243222C467}" = GemMaster 2
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 21
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3E908702-AF35-4611-9518-955DA24B7E07}" = Microsoft XML Parser and SDK
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{419C98C4-D884-4174-B710-CBF3863767DA}" = Space Rocks
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{62F79C52-E264-44ab-ABC2-7BEA2962C70D}" = 5500Trb
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6D4E56A1-22EE-44d8-BD14-7B9FB7F80D1B}" = 5500_Help
"{6E657D86-77B8-4D97-9E31-7D374469D3CB}" = Atomic Pop
"{6F0DE0D5-2556-4A64-9892-07BAE121B7EC}" = SabreWing 2
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{7279647E-8661-48DF-998E-E7DCC3E6955D}" = Microsoft Office Live Meeting 2005
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C23496-A105-4b6f-B8F0-22523DFE4E4E}" = 5500
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B4BB888-B44E-4B91-BEE9-FE14B312B58C}" = Sonic Foundry Super Duper Music Looper XPress
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{8214CC02-6271-4DC8-B8DD-779933450264}" = HP RecordNow
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AF0DBCA4-1DBA-4507-89CC-883B25920FFB}" = War Games Virtual Warfare Demo
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B279B0DA-6F60-4FBD-9847-0C9AB79A3674}" = PigPen
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BF225650-36EB-45E8-9666-572A88F31D59}" = Dark Orbit
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C380CA3A-4DE3-11D4-B351-00B0D04BB45E}" = McAfee QuickClean
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4544EA-C189-41FE-9E3A-76591DDB852B}" = Roxio Easy Media Creator 7
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CCA4002D-3744-45AD-88E0-2573815C1C3A}" = PhotoImpact Pro
"{CDBFDD5B-50E0-4021-94AF-516B80509ABE}" = 5500Tour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D6CAB2F4-26A4-48F4-A35D-CA83063E3928}" = Speedway
"{D6F6456A-DB80-4769-985C-E4F9342202D0}" = Blasterball Wild
"{DA9F6EF5-E48A-4E45-BC57-AA16193763B7}" = Detto IntelliMover
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"ACDSee" = ACDSee
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"BackWeb-137903 Uninstaller" = hp center
"Bejeweled Deluxe 1.87" = Bejeweled Deluxe 1.87
"BFGC" = Big Fish Games Client
"BFG-Mystery Case Files - Prime Suspects" = Mystery Case Files: Prime Suspects ™
"Bookworm Adventures Deluxe 1.0" = Bookworm Adventures Deluxe 1.0
"Bookworm Deluxe 1.13" = Bookworm Deluxe 1.13
"Buku Mahjongg - English" = Buku Mahjongg - English 1.0
"CCleaner" = CCleaner
"Chuzzle Deluxe 1.01" = Chuzzle Deluxe 1.01
"Citrix ICA Client" = Citrix ICA Client
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell File Manager" = Dell DJ Explorer
"eGames GameButler" = eGames GameButler
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Image Zone 3.5
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"hp photosmart printer series" = hp photosmart printer series (Remove only)
"ie8" = Windows Internet Explorer 8
"Inactive HP Printer Drivers (Remove only)" = Inactive HP Printer Drivers (Remove only)
"KazooStudio" = KazooStudio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapSource" = MapSource
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSN Music Assistant" = MSN Music Assistant
"MWARELOGOFF" = Messageware Base Component
"MWARESDUSA" = Messageware Plus Pack English Dictionary
"MWARESPELL" = Messageware Plus Pack Spell Check Component
"MWARETHES" = Messageware Plus Pack Thesaurus
"MWAREZPATT" = Messageware Plus Pack Compress Attachments
"My Photo Center" = My Photo Center
"Mystery Case Files - Huntsville" = Mystery Case Files - Huntsville (remove only)
"N360" = Norton Security Suite
"Norton CleanSweep" = Norton CleanSweep
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PCDoctor" = PC-Doctor for Windows
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"Peggle Nights 1.0" = Peggle Nights 1.0
"PhotoSmart Printer Software" = PhotoSmart Printer Software
"powerOne Personal v2.0.9 for Handhelds" = powerOne Personal v2.0.9 for Handhelds
"PowerShot Utilities SlideShowMaker" = PowerShot Utilities SlideShowMaker 1.3
"PowerShot Utilities TimeTunnel" = PowerShot Utilities TimeTunnel 2.4
"PowerShot2" = Canon PowerShot 2.4
"PS2" = PS2
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"S3 Gamma" = S3 Gamma
"S3switch2" = S3 Savage4 Family Display Switch2 Utility
"Sierra Utilities" = Sierra Utilities
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"Squeezebox Server_is1" = Squeezebox Server 7.5.1
"Sweet Tooth To Go 1.1" = Sweet Tooth To Go 1.1
"Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows
"Tumble Bees To Go" = Tumble Bees To Go
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Ulead PhotoImpact 4.2" = Ulead PhotoImpact 4.2
"WildTangentDDC" = WildTangent Channel Manager
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WOLAPI" = Westwood Shared Internet Components
"Word Whomp To Go" = Word Whomp To Go
"Works2002Setup" = Microsoft Works and Money 2002 Setup Launcher
"ZoomBrowserDeInstall" = PowerShot Utilities ZoomBrowser
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
"Zuma's Revenge!" = Zuma's Revenge!

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-67682326-2008529862-3894602836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PocketMirror" = PocketMirror 3.1.3 (Standard Edition)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/7/2010 11:00:06 PM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 9/8/2010 12:00:51 AM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 9/8/2010 12:01:46 AM | Computer Name = OFFICE | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 9/8/2010 8:00:09 PM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 9/8/2010 9:00:10 PM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 9/8/2010 10:00:59 PM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 9/9/2010 1:00:51 PM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 9/9/2010 6:00:07 PM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 9/9/2010 7:00:05 PM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

Error - 9/13/2010 4:01:11 PM | Computer Name = OFFICE | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 9/7/2010 10:57:39 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 9/8/2010 9:29:19 PM | Computer Name = OFFICE | Source = E100B | ID = 262148
Description = Adapter Intel® PRO/100 VE Network Connection #2: Adapter Link Down

Error - 9/9/2010 8:37:33 AM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 9/9/2010 12:00:47 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Netman service.

Error - 9/9/2010 12:43:55 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ShellHWDetection service.

Error - 9/9/2010 12:52:47 PM | Computer Name = OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service svcWRSSSDK
with arguments "" in order to run the server: {1281A68F-9E75-418F-B3AC-D5B23DD86408}

Error - 9/9/2010 12:52:48 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Webroot Spy Sweeper Engine
service to connect.

Error - 9/9/2010 12:52:48 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%1053

Error - 9/13/2010 4:15:32 PM | Computer Name = OFFICE | Source = E100B | ID = 262148
Description = Adapter Intel® PRO/100 VE Network Connection #2: Adapter Link Down

Error - 9/13/2010 4:16:31 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >

OTL logfile created on: 9/13/2010 3:27:18 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 133.00 Mb Available Physical Memory | 26.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.67 Gb Total Space | 40.95 Gb Free Space | 57.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/13 15:24:48 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/08/25 13:03:02 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/01 06:03:00 | 004,149,248 | ---- | M] () -- C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/07 09:35:45 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Washer\WasherSvc.exe
PRC - [2004/01/05 02:27:30 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2001/11/06 21:46:13 | 000,016,384 | ---- | M] () -- C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
PRC - [2001/08/09 18:06:46 | 000,045,056 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
PRC - [2001/08/03 21:24:38 | 000,311,296 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\SYSTEM32\hphmon03.exe


========== Modules (SafeList) ==========

MOD - [2010/09/13 15:24:48 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/05/14 00:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
MOD - [2001/11/06 21:46:13 | 000,024,576 | ---- | M] (BackWeb) -- C:\Documents and Settings\Owner\Local Settings\Temp\IadHide3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/01 06:03:00 | 004,149,248 | ---- | M] () [Auto | Running] -- C:\Program Files\Squeezebox\server\Bin\MSWin32-x86-multi-thread\mysqld.exe -- (SqueezeMySQL)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/05/25 07:13:07 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2008/11/26 11:56:31 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/02/07 09:35:45 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/11/26 14:47:40 | 000,598,856 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Washer\WasherSvc.exe -- (wwEngineSvc)
SRV - [2007/08/23 15:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 15:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/01 14:10:54 | 000,185,608 | ---- | M] (CA, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
SRV - [2004/01/05 02:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2001/08/03 21:24:36 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hphipm09.exe -- (Pml Driver)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\NAVAP.SYS -- (NAVAP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS -- (Freedom)
DRV - [2010/08/31 13:15:36 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/31 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100913.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/08/31 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/31 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/31 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100913.004\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/10 01:16:24 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/16 20:54:13 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100909.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/05 23:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 00:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 22:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 21:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 21:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 19:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/14 22:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2006/09/13 07:01:06 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/09/29 01:02:00 | 000,016,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\ctpdusb2.sys -- (Jukebox)
DRV - [2004/01/27 16:40:26 | 000,284,928 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2004/01/27 16:39:56 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dvd_2k.sys -- (dvd_2K)
DRV - [2004/01/27 16:34:56 | 000,140,416 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/27 16:34:46 | 000,043,008 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/01/27 16:32:00 | 000,024,576 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/01/27 16:29:44 | 000,023,680 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mmc_2k.sys -- (mmc_2K)
DRV - [2004/01/27 16:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2004/01/27 16:16:38 | 000,117,248 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Pwd_2k.sys -- (pwd_2k)
DRV - [2003/03/31 15:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/10/12 14:44:12 | 000,114,816 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys -- (S3SavageNB)
DRV - [2001/09/27 19:49:00 | 000,702,777 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/09/16 13:45:04 | 000,013,716 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 17:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 07:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/08 09:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 09:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 09:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 09:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 09:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 09:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 09:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 09:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 09:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 09:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/08/03 21:24:36 | 000,050,704 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2001/08/03 21:24:36 | 000,050,051 | R--- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2001/08/03 21:24:36 | 000,015,984 | R--- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2001/06/04 10:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us4.hpwis.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
IE - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"

FF - HKLM\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/09/02 16:01:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/08/31 13:23:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/28 11:58:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 11:54:00 | 000,000,000 | ---D | M]

[2009/12/08 12:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/09/02 11:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6uk4433b.default\extensions
[2010/08/22 12:02:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6uk4433b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/29 10:18:32 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6uk4433b.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/09/02 11:00:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/26 10:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/09/06 07:10:33 | 000,417,036 | R--- | M]) - C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14395 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\System32\ps2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [QD FastAndSafe] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [USSShReg] C:\Program Files\Ulead Systems\Ulead PhotoImpact 4.2\SSaver\USSSHREG.EXE ()
O4 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: eagames.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: earthadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: edmunds.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: eldoradostone.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: ellisisland.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: ems.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: eoutage.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: epicurious.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: equiserve.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: ethanallen.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: evanovich.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: evergreenjuices.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: excellpressurewasher.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: exeloncorp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: expedia.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: experian.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: expertvillage.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: faa.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: fastcle.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: fastcle.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: fatwallet.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: fatwallet.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: fda.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: fdic.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: fedex.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: fema.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: ferc.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: fidelity.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: findlaw.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: finehomebuilding.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: finewoodworking.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: firstambank.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: firstmidwest.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: fishweb.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: foodnetwork.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: foodtv.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: footlocker.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: forestparkgolfcourse.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: frankmiller.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: fredsmusicandbbq.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: gamestop.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: gardeners.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: gardenweb.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: garmin.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: garygasprices.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: gcmtravel.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: geappliances.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: getizoom.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: ghbass.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: gmpartsdirect.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: golfsmith.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: goodmantheatre.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: google.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: grainger.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: grantsappliance.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: harborfreight.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: harborhonda.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: harrisbank.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: hgtv.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: hgtv.com ([*.ratemyspace] * in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: hobbygreenhouse.org ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: holmesonhomes.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: homedepot.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: honda.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: hondapartsdeals.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: hoosiercanoeclub.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: hoover.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: hoskinghardwood.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: howstuffworks.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: hp.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: hulu.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: iams.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: iardc.org ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: icovia.com ([indianafurniture] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: idealdoors.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: ihcubcadet.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: illinois.gov ([*.icc] * in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: in.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: indianaoutfitters.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: indot.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: internetlumber.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: invisiblefence.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: irs.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: isba.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: jackssmallengines.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: k12.oh.us ([dw.d3a2.esu] https in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: kaango.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: kangoo.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: kaspersky.com ([usa] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: kaspersky.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: kentcare.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: kentkare.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: kmart.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: kohls.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: kohlscorporation.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: komando.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: kregtool.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: landsend.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: lasallebank.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: lavasoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: lecreuset.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: leevalley.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: leucreuset.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: lib.in.us ([*.hip.lakeco] * in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: lib.in.us ([*.wpl] * in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: lib.in.us ([www.pcpls] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: lib.in.us ([www.pcpls] https in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: linksys.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: linksysbycisco.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: live.com ([onecare] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: llbean.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: logitech.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: mabpaints.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: macworld.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: magicaljellybean.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: magicaljellybean.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: majorgeeks.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: managemyhome.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: mapmuse.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: mapmuse.com ([*.so] * in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: mapmuse.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: mappoint.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: mapquest.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: marketwatch.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: mcleboard.org ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: menards.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: merriam-webster.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: milwaukeetool.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: msn.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: msnbc.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: mtdproducts.com ([*.manuals] * in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: mycheats.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: mysqueezebox.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: napaonline.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: narr.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: nasa.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: netflix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: netgear.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: newbalance.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: newwoodworker.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: newyankee.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: nictd.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: nintendo.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: nipsco.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: nisource.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: norton.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: npr.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: nps.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: nutritiondata.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: nwitimes.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: nytimes.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: officedepot.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: oneofakindpets.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: outpostsports.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: overstock.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: paddlermagazine.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: panasonic.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: partsgeek.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: pbs.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: pcworld.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: pendleton-usa.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: perceptionkayaks.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: petco.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: petsmart.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: pih.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: pizzahut.com ([quikorder] https in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: pizzahut.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: pjm.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: pogo.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: popularmechanics.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: popularwoodworking.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: porterco.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: post-trib.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: pumpsfitnessinc.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: rd.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: rei.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: relayhealth.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: remusfarms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: repairclinic.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: restaurant.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: rockler.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: roomzaar.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: roxio.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: sears.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: searshome.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: searshome101.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: searsoptical.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: searspartsdirect.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: sheddaquarium.org ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: sherwin.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: sherwin-williams.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: shopnotes.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: sierratradingpost.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: sirius.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: slickdeals.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: slickdeals.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: smartmoney.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: speakeasy.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: staples.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: stapleseasyrebates.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: staplesrewardscenter.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: state.il.us ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: state.il.us ([*.eweb.icc] * in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: state.in.us ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: state.mn.us ([*.dot] * in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: state.nj.us ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: subaru.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: subaruofmerrillville.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: subaruofmichiana.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: suntimes.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: superantispyware.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: superganley.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: symantec.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: target.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: taunton.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: techcu.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: techcu.org ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: theonion.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: thestreet.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: thetimesonline.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: thosmoser.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: ticketmaster.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: tirerack.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: toshiba.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: toshibadirect.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: town-country-market.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: tractorsupply.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: treasurydirect.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: trendmicro.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: tripadvisor.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: truecar.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: turnerclassicmovies.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: ups.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: uscourts.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: usgs.gov ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: usnews.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: usps.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: valpo.edu ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: vanns.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: vehix.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: verizon.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: verizonwireless.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: wbbm780.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: wbbm-780.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: wbez.org ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Domains: weather.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-67682326-2008529862-3894602836-1003\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plu...Detection32.cab (Device Detection)
O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} http://activex.microsoft.com/objects/ocget.dll (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://java.auburncc.org/Citrix/MetaFrame/...ca32/wficat.cab (Citrix ICA Client)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.eoutage.com/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1260885638218 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1260885620921 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7606.2555671296 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Blackjack Carnival by pogo http://game3.pogo.com/v/9.2.0.14/applet/vb...jack2-en_US.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Sweet Tooth 2 by Pogo http://game3.pogo.com/v/9.2.0.14/applet/sw...ooth2-en_US.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.72.134 68.87.77.134
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 16:36:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5033377c-4906-11dc-87d5-00e0184f3a17}\Shell\AutoRun\command - "" = G:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HotSync Manager.lnk - C:\PROGRA~1\Palm\HOTSYNC.EXE - File not found
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: cctray - hkey= - key= - C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
MsConfig - StartUpReg: Imonitor - hkey= - key= - C:\Program Files\McAfee\QuickClean\Plguni.exe (Network Associates Technologies, Inc.)
MsConfig - StartUpReg: Index Washer - hkey= - key= - C:\Program Files\Webroot\Washer\WashIdx.exe (Webroot Software, Inc.)
MsConfig - StartUpReg: McAfee.InstantUpdate.Monitor - hkey= - key= - C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe (Networks Associates Technologies, Inc.)
MsConfig - StartUpReg: Microsoft Works Update Detection - hkey= - key= - c:\Program Files\Microsoft Works\WkDetect.exe File not found
MsConfig - StartUpReg: Window Washer - hkey= - key= - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/13 15:15:10 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/09 12:00:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2010/09/09 11:47:32 | 000,428,032 | ---- | C] (Webroot Software, Inc) -- C:\WINDOWS\WRServices.dll
[2010/09/02 17:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\keyfinder
[2010/09/02 13:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gmer
[2010/09/02 10:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/09/02 10:26:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/02 10:22:15 | 009,333,808 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\CreepRemover.exe
[2010/09/02 10:13:51 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/09/02 10:13:50 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/09/02 10:13:50 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/09/02 10:13:50 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/09/02 10:13:49 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/09/02 10:13:49 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/09/02 10:13:49 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/09/02 10:13:48 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/09/02 09:36:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/02 07:28:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/08/31 13:15:37 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/31 13:15:37 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/31 13:11:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/08/31 13:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Suite
[2010/08/31 12:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2010/08/30 16:15:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Spyware
[2010/08/30 13:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/28 12:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/26 10:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/26 10:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/23 09:50:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/08/23 09:48:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/23 09:48:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/23 09:48:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/23 09:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/22 13:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/22 13:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/21 07:04:06 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/20 22:52:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/08/20 22:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2004/04/14 12:30:25 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/13 15:24:48 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/09/13 15:05:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C905075A-D835-4B70-9B1E-65073D587CCA}.job
[2010/09/13 15:05:04 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/13 15:01:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/13 15:01:17 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/13 14:59:20 | 000,000,249 | ---- | M] () -- C:\WINDOWS\System\HPSYSDRV.DAT
[2010/09/13 14:59:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/13 14:59:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/13 14:58:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/13 14:58:56 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 09:50:36 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/09/10 09:50:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/09/09 17:06:31 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/07 22:42:05 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Cut from ACDsee install notepad.doc
[2010/09/07 22:41:00 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/09/06 07:10:33 | 000,417,036 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/09/02 17:29:27 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Microsoft Office Key.doc
[2010/09/02 17:21:42 | 000,348,468 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\keyfinder.zip
[2010/09/02 13:30:26 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/09/02 12:57:58 | 000,002,032 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/09/02 12:57:08 | 000,677,454 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/09/02 11:28:35 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BleepingLog.scr
[2010/09/02 11:17:36 | 000,073,296 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/02 10:26:35 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/02 10:22:23 | 009,333,808 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\Desktop\CreepRemover.exe
[2010/09/02 09:42:36 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/02 09:09:19 | 000,000,987 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/31 14:46:43 | 000,004,416 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2010/08/31 13:15:36 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/31 13:15:36 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/31 13:15:36 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/31 13:15:36 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/08/31 12:53:54 | 000,000,836 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Norton Installation Files.lnk
[2010/08/30 22:21:50 | 002,113,310 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/30 11:31:33 | 000,000,037 | ---- | M] () -- C:\WINDOWS\btw.ini
[2010/08/30 11:31:16 | 000,000,020 | ---- | M] () -- C:\WINDOWS\viewer.ini
[2010/08/30 11:17:07 | 000,001,185 | ---- | M] () -- C:\WINDOWS\Pltwty01.ini
[2010/08/29 07:17:13 | 000,001,401 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\MalwarebytesLog1
[2010/08/27 21:26:19 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\archive2007.pst
[2010/08/27 21:26:18 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\archive2006.pst
[2010/08/27 21:26:16 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\CorporateJune2004.pst
[2010/08/27 21:26:14 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\InboxJan2007.pst
[2010/08/27 21:26:08 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Passwords.pst
[2010/08/22 23:28:17 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Underground Weather.url
[2010/08/22 23:24:48 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CNN.com - Breaking News, U.S., World, Weather, Entertainment & Video News.url
[2010/08/22 23:24:14 | 000,000,278 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Iceland Meteorological office - Earthquakes Iceland.url
[2010/08/22 23:23:52 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Latest Earthquakes in the World - Past 7 days.url
[2010/08/22 21:54:47 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Slickdeals.net The best coupons, deals and bargains to save you money!.url
[2010/08/22 19:13:51 | 000,000,343 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Play Games for Free Online and Win Prizes Pogo Games.url
[2010/08/22 18:54:38 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\In Private Filtering.doc
[2010/08/22 17:38:10 | 000,416,805 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100826-113647.backup
[2010/08/22 17:03:22 | 000,000,677 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/08/22 13:55:13 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/22 13:55:12 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/08/21 23:45:17 | 000,000,220 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Coupons, Deals, and Cash Back Shopping - FatWallet.com.url
[2010/08/21 22:24:26 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2010/08/21 22:10:08 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/21 22:10:08 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/21 22:10:05 | 000,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/21 12:43:53 | 000,018,412 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\cc_20100821_124325.reg
[2010/08/21 07:04:06 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/20 10:16:44 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Brad's Deals.url
[2010/08/19 14:27:07 | 000,000,177 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Amazon.url
[2010/08/17 21:49:17 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Chicago Tribune.url
[2010/08/15 13:46:59 | 000,001,910 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Local Interactive Weather Map for Valparaiso, IN (46383) - weather.com.url
[2010/08/14 17:08:15 | 000,000,348 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Chicago weather forecast and current conditions, including Tom Skilling's 7-day forecast - Chicago Weather Center.url
[2010/08/13 17:25:14 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Speakeasy - Speed Test.url
[2010/08/09 10:42:11 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Squeezebox Server.lnk
[2010/08/04 07:05:45 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ComEd - An Exelon Company Outage Map.url
[2010/07/27 10:39:39 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CCleaner.lnk
[2010/07/22 22:31:13 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\The Slickdeals Approach to Negotiating the Price of a New Car.doc
[2010/07/20 09:11:46 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Indiana Withholding.doc
[2010/06/29 10:16:29 | 000,001,631 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/29 10:16:27 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/21 19:11:13 | 000,423,936 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\magennis.doc
[2010/06/18 22:18:10 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/17 14:07:31 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Subaru script.doc
[2010/06/17 08:11:38 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Mahoney.doc
[2010/06/17 07:41:22 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Mahoney e-mail.doc
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/07 22:42:04 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Cut from ACDsee install notepad.doc
[2010/09/04 17:22:46 | 536,449,024 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/02 17:29:26 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Microsoft Office Key.doc
[2010/09/02 17:21:41 | 000,348,468 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\keyfinder.zip
[2010/09/02 13:30:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.zip
[2010/09/02 12:56:52 | 000,677,454 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/09/02 11:28:32 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BleepingLog.scr
[2010/09/02 10:26:35 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/02 10:13:50 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/09/02 10:13:50 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/09/02 10:13:50 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/09/02 10:13:50 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/09/02 10:13:50 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/09/02 10:13:50 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/09/02 10:13:49 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/09/02 10:13:49 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/09/02 10:13:49 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/09/02 10:13:49 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/09/02 10:13:49 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/09/02 10:13:49 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/09/02 10:13:48 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/09/02 10:13:48 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/09/02 10:13:48 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/09/02 10:13:48 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/09/02 07:28:58 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/08/31 13:15:37 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/31 13:15:37 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/08/31 13:15:06 | 000,002,032 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/08/31 12:53:52 | 000,000,836 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Norton Installation Files.lnk
[2010/08/30 11:17:07 | 000,001,185 | ---- | C] () -- C:\WINDOWS\Pltwty01.ini
[2010/08/29 07:17:13 | 000,001,401 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MalwarebytesLog1
[2010/08/22 18:54:38 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\In Private Filtering.doc
[2010/08/22 17:02:55 | 000,000,677 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/08/22 13:55:12 | 000,000,962 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/22 13:55:11 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2010/08/21 12:43:44 | 000,018,412 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\cc_20100821_124325.reg
[2010/08/11 22:51:08 | 000,000,220 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Coupons, Deals, and Cash Back Shopping - FatWallet.com.url
[2010/07/27 21:59:58 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Chicago weather forecast and current conditions, including Tom Skilling's 7-day forecast - Chicago Weather Center.url
[2010/07/22 22:31:12 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\The Slickdeals Approach to Negotiating the Price of a New Car.doc
[2010/07/20 09:11:46 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Indiana Withholding.doc
[2010/06/29 11:43:19 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/23 17:29:57 | 000,001,910 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Local Interactive Weather Map for Valparaiso, IN (46383) - weather.com.url
[2010/06/21 22:09:27 | 000,000,330 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ComEd - An Exelon Company Outage Map.url
[2010/06/21 19:11:11 | 000,423,936 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\magennis.doc
[2010/06/17 10:33:55 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Subaru script.doc
[2010/06/16 23:35:15 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Mahoney e-mail.doc
[2010/06/16 12:05:45 | 000,039,424 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Mahoney.doc
[2008/10/21 16:12:49 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/04/09 16:27:23 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/12/15 13:44:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\MPPAGER.INI
[2007/04/27 17:31:47 | 000,000,334 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\dm.ini
[2007/04/12 10:33:33 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/02/08 18:09:54 | 000,040,462 | ---- | C] () -- C:\WINDOWS\AD_RSRC.DLL
[2007/02/08 18:09:54 | 000,030,489 | ---- | C] () -- C:\WINDOWS\SPALETTE.DLL
[2007/02/08 18:09:54 | 000,015,344 | ---- | C] () -- C:\WINDOWS\AD_SND.DLL
[2007/02/08 18:09:54 | 000,007,168 | ---- | C] () -- C:\WINDOWS\AD_NVLNW.DLL
[2007/02/08 18:09:54 | 000,005,632 | ---- | C] () -- C:\WINDOWS\AD_AILAN.DLL
[2007/02/08 18:09:54 | 000,001,063 | ---- | C] () -- C:\WINDOWS\AD_PREFS.INI
[2007/02/08 18:09:39 | 000,243,092 | ---- | C] () -- C:\WINDOWS\ADXPL100.DLL
[2006/10/31 15:49:29 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/10/31 15:49:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/08/26 12:14:47 | 000,000,071 | ---- | C] () -- C:\WINDOWS\PEX.INI
[2006/07/08 07:07:09 | 000,000,919 | ---- | C] () -- C:\WINDOWS\vrdecor.ini
[2006/07/08 07:07:09 | 000,000,586 | ---- | C] () -- C:\WINDOWS\homsuite.ini
[2006/07/08 07:07:09 | 000,000,118 | ---- | C] () -- C:\WINDOWS\homesym.ini
[2006/06/20 11:00:47 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/24 23:46:28 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2005/11/24 23:46:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/11/04 15:34:01 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2005/07/16 20:37:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\imageCache7.db
[2005/02/05 15:06:00 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2005/02/05 13:45:25 | 000,000,771 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/04/17 09:17:17 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2004/01/05 02:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/11/23 17:41:12 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/11/22 21:19:39 | 000,018,940 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/09/28 07:50:25 | 000,000,120 | ---- | C] () -- C:\WINDOWS\webica.ini
[2003/08/27 18:50:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2002/11/09 07:43:39 | 000,181,760 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2002/07/07 07:29:48 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2002/07/07 07:29:44 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2002/03/09 12:08:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/02/24 11:02:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Launcher.INI
[2002/02/24 10:27:01 | 000,000,037 | ---- | C] () -- C:\WINDOWS\btw.ini
[2002/02/24 10:23:49 | 000,000,020 | ---- | C] () -- C:\WINDOWS\viewer.ini
[2002/02/24 10:23:10 | 000,000,418 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2002/01/20 13:32:16 | 000,004,416 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2002/01/20 10:04:00 | 000,002,993 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
[2002/01/20 10:02:38 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2002/01/19 19:15:11 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2002/01/19 19:11:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2001/11/09 13:41:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/11/08 22:43:04 | 000,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/11/06 21:50:46 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2001/11/06 21:50:46 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2001/11/06 21:45:01 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/06 21:45:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/06 21:37:54 | 000,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/06 21:21:26 | 000,000,507 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/06 21:21:26 | 000,000,317 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/06 21:21:26 | 000,000,069 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/06 20:50:13 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2001/11/06 20:50:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2001/11/06 20:49:47 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 16:40:54 | 000,000,778 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 16:31:15 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/11/06 08:21:55 | 000,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/08 09:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/07 20:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/05/22 20:37:50 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 12:34:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[1997/06/13 19:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2001/11/15 10:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2007/12/15 16:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/01/23 20:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2009/01/25 21:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/02/20 13:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2005/11/05 16:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/11/13 19:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/04/12 10:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/08/30 11:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2008/10/20 16:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2010/04/03 11:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Squeezebox
[2009/03/30 13:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/04/05 13:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/01/27 20:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2001/11/15 10:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2002/11/22 08:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PGP
[2002/01/20 14:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ACD Systems
[2009/01/08 12:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\EA
[2009/01/25 21:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flood Light Games
[2002/01/29 20:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Freedom
[2003/09/30 20:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2009/07/09 14:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express Viewer US-EN
[2001/11/15 10:17:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterTrust
[2002/01/19 17:31:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2003/03/31 10:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2005/11/04 16:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
[2002/11/20 22:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PGP
[2005/12/30 18:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Picaboo
[2009/07/09 13:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Printer Info Cache
[2009/03/30 13:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TaxCut
[2002/01/19 18:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2010/05/19 17:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2006/08/26 10:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ulead Systems
[2002/02/23 08:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VERITAS
[2010/09/13 15:05:52 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C905075A-D835-4B70-9B1E-65073D587CCA}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\dxtrans.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2010/06/23 08:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\win32k.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2001/11/06 08:25:04 | 000,090,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\default.sav
[2001/11/06 08:25:04 | 000,606,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\software.sav
[2001/11/06 08:25:04 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2010/09/02 07:44:04 | 000,006,282 | ---- | M] () -- C:\aaw7boot.log
[2007/06/29 15:13:40 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2004/03/25 17:31:50 | 000,087,040 | ---- | M] () -- C:\AMERICAN FILM INSTITUTE.xls
[2007/12/08 08:10:40 | 000,039,424 | ---- | M] () -- C:\Auburn color logo.doc
[2001/11/06 16:36:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/10/01 22:53:50 | 000,000,203 | RHS- | M] () -- C:\BOOT.INI
[2007/12/19 16:28:26 | 000,012,648 | ---- | M] () -- C:\caisslog.txt
[2003/09/28 07:50:26 | 000,000,000 | ---- | M] () -- C:\COMLOG.txt
[2001/11/06 16:36:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/03/03 10:15:47 | 000,208,360 | ---- | M] () -- C:\coreuninstall.log
[2004/06/07 14:49:16 | 000,050,688 | ---- | M] () -- C:\DVD Movies.xls
[2001/11/09 13:36:10 | 000,007,887 | ---- | M] () -- C:\FINIS_IT.TXT
[2001/09/05 23:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2010/09/13 14:58:56 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2008/08/27 20:40:55 | 000,000,164 | ---- | M] () -- C:\install.dat
[2001/11/06 16:36:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/02/07 07:57:42 | 000,000,083 | -H-- | M] () -- C:\IPH.PH
[2006/01/15 21:16:14 | 000,000,302 | ---- | M] () -- C:\log.txt
[2005/08/27 12:59:53 | 000,000,075 | ---- | M] () -- C:\LuResult.txt
[2001/11/06 16:36:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/08/24 21:39:33 | 000,001,136 | ---- | M] () -- C:\net_save.dna
[2009/06/19 15:32:20 | 000,041,984 | ---- | M] () -- C:\New Contract Schultz Aug 1, 2008.doc
[2005/10/01 22:38:49 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/15 10:24:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2007/08/06 16:00:11 | 000,003,047 | ---- | M] () -- C:\opprint.log
[2010/09/13 14:58:53 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2002/06/09 23:34:18 | 000,453,568 | ---- | M] () -- C:\PopUpStopper.exe
[2005/12/28 22:38:55 | 000,000,015 | --S- | M] () -- C:\testlog.log
[2001/11/09 17:44:03 | 000,000,008 | ---- | M] () -- C:\USER
[2006/10/09 07:21:00 | 387,480,986 | ---- | M] () -- C:\~cevts0

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/05 21:25:34 | 000,025,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\spool\prtprocs\w32x86\lmdippr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2005/10/01 22:28:38 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/15 10:16:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2005/10/01 22:28:38 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/12/15 10:16:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\drivers\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0006\DriverFiles\i386\AGP440.SYS
[2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2005/10/01 22:28:38 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/15 10:16:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2005/10/01 22:28:38 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/12/15 10:16:39 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\drivers\atapi.sys
[2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 13:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2002/11/22 12:16:00 | 000,528,896 | ---- | M] (Microsoft Corporation) MD5=1BD18B332A07FD10BF0322C352A78078 -- C:\WINDOWS\$NtUninstallKB824141$\user32.dll
[2003/09/25 11:49:02 | 000,560,128 | ---- | M] (Microsoft Corporation) MD5=32173306185F603E75C477E117F3BB8D -- C:\WINDOWS\$xpsp1hfm$\KB824141\user32.dll
[2002/11/01 15:26:46 | 000,528,896 | ---- | M] (Microsoft Corporation) MD5=68E1F4EF02DF52CA9C5E157045D23582 -- C:\WINDOWS\$xpsp1hfm$\Q328310\user32.dll
[2007/03/08 10:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll
[2007/03/08 10:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2001/08/18 00:36:34 | 000,561,152 | ---- | M] (Microsoft Corporation) MD5=BE57A5C3ABD240514B98F6BCA872FB21 -- C:\WINDOWS\$NtUninstallQ328310$\user32.dll
[2004/08/04 02:56:46 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2005/03/02 13:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 19:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll
[2004/08/04 02:56:46 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:78E0DF72
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E428B9D4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE73B0FE
< End of report >


#4 etavares


  • Malware Response Team

Posted 13 September 2010 - 06:20 PM

Hello, hamdog1.





Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578






Trusted Zone Warning

Having trusted sites may not be a good idea. The reason why I say it's not a good idea is because the security settings for the internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

You appear to have both SuperAntiSpyware and Spybot S+D installed and automatically starting up. Please only select one and disable the other from real-time protection. The logs show they're both supposed to start up, but it does appear that only SAS is running. Please double-check though.



Step 2

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

QUOTE
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




Step 3

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
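
Step 3 above asks for a report on the disk's master boot record. The following is an added example, not part of the original post and not MBRCheck's code, showing one way a boot-sector check can work: validate the 0x55AA marker, hash the bootstrap code, compare the hash against an allowlist of known loaders, and decode the partition table. Hashing only the 440-byte bootstrap area, the status strings, the function names and the sample sector are all assumptions made for this example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440    # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440     # bytes 440..443: Windows NT disk signature
PART_TABLE_OFF = 446   # bytes 446..509: four 16-byte partition entries
BOOT_SIG_OFF = 510     # bytes 510..511: 0x55 0xAA end-of-sector marker


def boot_code_sha1(sector: bytes) -> str:
    """Hash only the bootstrap code (an assumption of this example), so the
    per-disk signature and partition layout do not change the result."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(sector: bytes) -> list:
    """Decode the four primary partition entries, skipping empty slots."""
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        status, ptype = entry[0], entry[4]
        first_lba, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:          # type 0 marks an unused entry
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "byte_offset": first_lba * SECTOR_SIZE,
            "byte_length": sector_count * SECTOR_SIZE,
        })
    return partitions


def check_mbr(sector: bytes, known_good_sha1: set) -> dict:
    """Classify one 512-byte sector read from offset 0 of a disk image."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xaa":
        return {"status": "invalid boot signature", "sha1": None,
                "partitions": []}
    digest = boot_code_sha1(sector)
    status = ("known MBR code" if digest in known_good_sha1
              else "unknown MBR code")
    return {"status": status, "sha1": digest,
            "partitions": parse_partitions(sector)}


# Constructed sample data: placeholder bytes standing in for a boot loader.
SAMPLE_BOOT_CODE = b"constructed placeholder, not real boot code"


def build_sample_sector(boot_code: bytes = SAMPLE_BOOT_CODE) -> bytes:
    """Build a constructed MBR with one bootable NTFS-type (0x07) partition.
    The start LBA 9767520 is chosen so the partition begins at byte offset
    0x12A14C000; the sector count is arbitrary."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)
    entry = struct.pack("<B3sB3sII", 0x80, b"\xfe\xff\xff", 0x07,
                        b"\xfe\xff\xff", 9767520, 140000000)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    sector = build_sample_sector()
    allowlist = {boot_code_sha1(sector)}      # treat the sample as known good
    print(check_mbr(sector, allowlist))

    tampered = bytearray(sector)
    tampered[0x20] ^= 0xFF                    # one changed byte of boot code
    print(check_mbr(bytes(tampered), allowlist)["status"])
```

A hash that is not on the allowlist only means the loader is unrecognised; OEM recovery loaders and boot managers produce the same result as a modified MBR, which is why the helper asks for the log rather than a fix at this stage.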
 


#5 hamdog1


Posted 14 September 2010 - 10:55 AM

Dear Etavares,

Here are the two reports you requested. I had some trouble with Rootkit Unhooker. The first time I downloaded it to the desktop I got a message that said C/Documents&Settings/Owner/Desktop/OTL.exe is not a valid Win32 application.

I downloaded it again, and then Norton Antivirus removed it, saying that it was a rootkit. I had to turn off Norton to download it. When I opened Rootkit Unhooker, it had already run something, because there was information in several of the windows. I did find the Report and Scan buttons and was able to run the report that is attached.

I didn't want to have the same problem with MBR, so I also disabled Norton for a moment in order to download it. Right after it downloaded, I got what appeared to be a Microsoft message that said "System Settings protector has a problem and needs to close". It asked if I wanted to send the message to Microsoft, but I said no. I didn't have problems running the program, but it did say there was a non-standard or infected MBR, so I exited by pressing N.

I saw your message about Trusted Sites. I've removed just about everything from the list. In future, I'll only put it there temporarily if I need it for a website. I also saw your message about ccleaner. I hadn't used it to clean the registry yet, and based on your recommendation, I won't use it for that in the future.

I couldn't find anything that should stop Spybot from running. It showed up in the applications icons in the lower right corner, and that's where I disabled it as you requested. Just so you know, I don't shut the computer down very often. I usually just hibernate it when I'm done. If you need me to shut it down, please let me know.

Thanks again for your help.

Hamdog1


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 149):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8BB5000 \WINDOWS\system32\KDCOM.DLL
0xF8AC5000 \WINDOWS\system32\BOOTVID.dll
0xF8666000 ACPI.sys
0xF8BB7000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8655000 pci.sys
0xF86B5000 isapnp.sys
0xF8BB9000 viaide.sys
0xF8935000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8BBB000 intelide.sys
0xF86C5000 MountMgr.sys
0xF8636000 ftdisk.sys
0xF893D000 PartMgr.sys
0xF86D5000 VolSnap.sys
0xF861E000 atapi.sys
0xF86E5000 disk.sys
0xF86F5000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF85FE000 fltmgr.sys
0xF85A8000 SYMDS.SYS
0xF8596000 sr.sys
0xF8569000 SYMEFA.SYS
0xF8945000 PxHelp20.sys
0xF8552000 KSecDD.sys
0xF84C5000 Ntfs.sys
0xF8498000 NDIS.sys
0xF8705000 viaagp.sys
0xF8715000 ohci1394.sys
0xF8725000 \WINDOWS\System32\DRIVERS\1394BUS.SYS
0xF847E000 Mup.sys
0xF8735000 agp440.sys
0xF8745000 amdagp.sys
0xF8775000 \SystemRoot\System32\DRIVERS\nic1394.sys
0xF87C5000 \SystemRoot\System32\DRIVERS\processr.sys
0xF735A000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xF7346000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF7329000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF7294000 \SystemRoot\System32\DRIVERS\ltmdmnt.sys
0xF89BD000 \SystemRoot\System32\Drivers\Modem.SYS
0xF89C5000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7280000 \SystemRoot\System32\DRIVERS\parport.sys
0xF87D5000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7416000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF87E5000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7412000 \SystemRoot\System32\DRIVERS\PS2.sys
0xF89CD000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF8DD7000 \SystemRoot\system32\drivers\msmpu401.sys
0xF725C000 \SystemRoot\system32\drivers\portcls.sys
0xF87F5000 \SystemRoot\system32\drivers\drmk.sys
0xF7239000 \SystemRoot\system32\drivers\ks.sys
0xF740E000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xF8805000 \SystemRoot\System32\Drivers\Imapi.SYS
0xF8815000 \SystemRoot\System32\Drivers\AFS2K.SYS
0xF740A000 \SystemRoot\system32\drivers\pfc.sys
0xF8825000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0xF8835000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF8845000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF89D5000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xF721C000 \SystemRoot\System32\Drivers\pwd_2k.SYS
0xF89DD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF89E5000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF71F8000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF718C000 \SystemRoot\system32\drivers\smwdm.sys
0xF8DE1000 \SystemRoot\system32\drivers\SENSUPGD.SYS
0xF8DE2000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8855000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8B59000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF6E75000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8865000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF8875000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF89ED000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF6E64000 \SystemRoot\System32\DRIVERS\psched.sys
0xF8885000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF89F5000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8A05000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF88D5000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8A15000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF8C4D000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF6E06000 \SystemRoot\System32\DRIVERS\update.sys
0xF8B85000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF8A25000 \SystemRoot\System32\Drivers\mmc_2K.SYS
0xF88E5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8A2D000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF8915000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8C59000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8C75000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D38000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C77000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8A4D000 \SystemRoot\System32\drivers\vga.sys
0xF8C79000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8C7B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF3D68000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
0xF3D33000 \SystemRoot\System32\Drivers\DVDVRRdr_xp.SYS
0xF8A55000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8A5D000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF3CF0000 \SystemRoot\System32\Drivers\UDFReadr.SYS
0xF8436000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF3CA3000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF3C4A000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF3BF3000 \SystemRoot\System32\Drivers\N360\0402000.00C\SYMTDI.SYS
0xF3BCE000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF3B53000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF8925000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF3B2B000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF8B51000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF3B09000 \SystemRoot\System32\drivers\afd.sys
0xF7E3C000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF3AEA000 \SystemRoot\system32\drivers\N360\0402000.00C\Ironx86.SYS
0xF7E0C000 \SystemRoot\System32\DRIVERS\arp1394.sys
0xF8B69000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7DEC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8A65000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7DDC000 \SystemRoot\system32\drivers\N360\0402000.00C\SRTSPX.SYS
0xF3AC8000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF8A6D000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF3A9D000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF3A2D000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF7DCC000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8B71000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF39A7000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF398A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF390B000 \SystemRoot\system32\drivers\N360\0402000.00C\ccHPx86.sys
0xF385F000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys
0xF7C2D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF3847000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8BE5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF3CC6000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8ABD000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8DB1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF34E4000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF31FF000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8C1F000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF31B3000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF3094000 \SystemRoot\System32\DRIVERS\srv.sys
0xF2FB7000 \SystemRoot\system32\drivers\wdmaud.sys
0xF338C000 \SystemRoot\system32\drivers\sysaudio.sys
0xF3034000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xF8AB5000 \??\C:\WINDOWS\System32\drivers\symlcbrd.sys
0xF2700000 \SystemRoot\System32\Drivers\HTTP.sys
0xF244E000 \SystemRoot\System32\Drivers\N360\0402000.00C\SRTSP.SYS
0xF1E2F000
0xF1E1B000
0xF1DC6000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100909.001\IDSxpx86.sys
0xF12EF000
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 47):
0 System Idle Process
4 System
604 C:\WINDOWS\SYSTEM32\smss.exe
676 csrss.exe
700 C:\WINDOWS\SYSTEM32\winlogon.exe
744 C:\WINDOWS\SYSTEM32\services.exe
756 C:\WINDOWS\SYSTEM32\lsass.exe
908 C:\WINDOWS\SYSTEM32\svchost.exe
992 svchost.exe
1040 C:\WINDOWS\SYSTEM32\svchost.exe
1192 svchost.exe
1368 svchost.exe
1376 C:\WINDOWS\explorer.exe
1496 C:\WINDOWS\SYSTEM32\spoolsv.exe
1576 svchost.exe
1692 C:\Program Files\Java\jre6\bin\jqs.exe
1744 C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
1928 C:\WINDOWS\SYSTEM32\nvsvc32.exe
2036 C:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
152 C:\WINDOWS\SYSTEM32\svchost.exe
204 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
264 wdfmgr.exe
304 C:\Program Files\Webroot\Washer\WasherSvc.exe
324 C:\WINDOWS\SYSTEM\hpsysdrv.exe
444 C:\hp\KBD\KBD.EXE
340 C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\hpztsb09.exe
868 C:\WINDOWS\SYSTEM32\fxssvc.exe
932 C:\WINDOWS\SYSTEM32\hphmon03.exe
960 C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe
1072 C:\WINDOWS\SM1bg.exe
1240 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
1264 C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
2100 C:\WINDOWS\SYSTEM32\ctfmon.exe
2224 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2244 C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
2404 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2468 C:\WINDOWS\SYSTEM32\wscntfy.exe
2688 alg.exe
3620 C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
2548 C:\WINDOWS\SYSTEM32\taskmgr.exe
4092 C:\Program Files\Internet Explorer\iexplore.exe
1900 C:\Program Files\Internet Explorer\iexplore.exe
3888 C:\Documents and Settings\Owner\Desktop\OTL.exe
2668 C:\WINDOWS\notepad.exe
3080 C:\WINDOWS\notepad.exe
3520 C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
4076 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`2a14c000 (NTFS)

PhysicalDrive0 Model Number: Maxtor4D080H4, Rev: DAH017K0

Size Device Name MBR Status
--------------------------------------------
76 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CA6F9872C4F2FE0B5BB11E948B6172A5ABC749B7


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================


#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:57 AM

Posted 14 September 2010 - 05:54 PM

Hello, hamdog1.


Step 1

I'd like to get a dump of your 'unknown' MBR to know if it's an infected MBR or just a new one that I haven't seen before. What computer make/model do you have?
  • Please download mbr.exe and save it to your Desktop.
  • Open NOTEPAD and copy/paste the text in the quotebox below into it:
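    CODE
    @ECHO OFF
    REM Put a copy of mbr.exe in the Windows directory, which is on the PATH
    copy "%userprofile%\Desktop\mbr.exe" C:\windows\mbr.exe
    REM Work from the folder this batch file was started from
    CD /D "%~DP0"
    REM Save 1 sector from the start of the disk (the MBR) to backup_mbr.zip on the Desktop
    MBR -c 0 1 "%userprofile%\Desktop\backup_mbr.zip"
    REM Delete this batch file once it has run
    DEL "%~f0"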

  • Save this as "MBRDump.bat" and select All files for Save As Type. Save it to your desktop.
  • Double-click mbrdump.bat to run it. (For Windows Vista or 7, right click, select run as administrator)
  • Attach backup_mbr.zip that appears on your desktop to your reply here.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
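
A first-pass structural check that a one-sector MBR dump like the one requested in Step 1 makes possible, as an added example that is not part of the original post or of mbr.exe. The sample sector, its placeholder boot bytes and the baseline hash set are constructed for illustration, and the script assumes the dump is the raw 512-byte sector.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0-439 hold the bootstrap code
DISK_SIG_OFF = 440        # 4-byte NT disk signature
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"    # required bytes at offsets 510-511


def parse_mbr(sector):
    """Decode one 512-byte MBR sector into its fields."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        entry = sector[start:start + 16]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "index": index,
            "status": entry[0],          # 0x80 = active, 0x00 = inactive
            "type": entry[4],            # 0x00 = unused entry
            "lba_start": lba_start,
            "sector_count": sector_count,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }


def triage(sector, known_good_sha1):
    """Return a list of findings; an empty list means nothing stood out."""
    mbr = parse_mbr(sector)
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    # An unknown hash is not proof of infection: OEM and boot-manager
    # MBRs differ from the stock Windows one, so it only means "review".
    if mbr["boot_code_sha1"] not in known_good_sha1:
        findings.append("boot code not in baseline: " + mbr["boot_code_sha1"])
    used = [p for p in mbr["partitions"] if p["type"] != 0]
    for p in used:
        if p["status"] not in (0x00, 0x80):
            findings.append("entry %d: invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
        if p["lba_start"] == 0 or p["sector_count"] == 0:
            findings.append("entry %d: zero start or length" % p["index"])
    if sum(1 for p in used if p["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    ordered = sorted(used, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sector_count"] > b["lba_start"]:
            findings.append("entries %d and %d overlap" % (a["index"], b["index"]))
    return findings


def build_sample_sector(boot_code=b"\xfa\x33\xc0" + b"\x90" * 16):
    """Constructed sector: placeholder boot bytes and one active NTFS entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)
    # status, CHS start, type 0x07 (NTFS), CHS end, LBA start 63, 1,000,000 sectors
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF,
                     0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1000000)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    sample = build_sample_sector()
    baseline = {parse_mbr(sample)["boot_code_sha1"]}   # constructed baseline
    if len(sys.argv) > 1:
        # Assumption: the file named on the command line is a raw sector dump.
        with open(sys.argv[1], "rb") as handle:
            sample = handle.read(SECTOR_SIZE)
    for line in triage(sample, baseline) or ["nothing stood out"]:
        print(line)
```

A boot-code hash that is missing from the baseline only means the sector needs a closer look, which is why the make and model of the machine matter when judging an unfamiliar MBR.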
 


#7 hamdog1


Posted 14 September 2010 - 09:19 PM

Etavares,

My computer is a Hewlett Packard Pavilion 750n.

Attached are the two reports you asked for. I couldn't download Malwarebytes from the first link you gave. It gave me an error message when I tried to run it that said "The setup files are corrupted. Please obtain a new copy of the program". The first alternate link didn't lead anywhere. The second alternate link worked and I ran the program from there.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4617

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/14/2010 6:54:17 PM
mbam-log-2010-09-14 (18-54-17).txt

Scan type: Quick scan
Objects scanned: 152048
Time elapsed: 25 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I'm new to this, but I think I've attached the mbr zip file you asked for. It was the only file created after the MBR program ran. It also generated a text file. Here's that file:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

0x1 sector(s) have been successfully saved to "C:\Documents and Settings\Owner\Desktop\backup_mbr.zip".

Thanks again,

Hamdog1




#8 etavares


Posted 15 September 2010 - 05:43 PM

Hello, hamdog1.

OK, we'll take a look at that. In the meantime...




Step 1


This kind of error can be a backdoor user logged on with Remote Connection. It can also be legitimate.

First, do you run remote desktop connections or terminal services yourself?




Step 2

Download and run HAMeb_check.exe
Post the contents of the resulting log.

etavares


 


#9 hamdog1


Posted 15 September 2010 - 08:30 PM

Etavares,

I'm not a very sophisticated computer user, so I'm not sure what you mean. If you are asking whether I access my computer files from a remote location, the answer is no. I never tried to set it up to do that. The only thing I'm aware of that can access files on my computer is a Logitech Squeezebox (internet radio and music player), but that's in my house using my wifi network and it's only supposed to access music files.

Thanks,

Hamdog1


Here is the log result:

C:\Documents and Settings\Owner\Desktop\HAMeb_check.exe
Wed 09/15/2010 at 19:50:01.07

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~

#10 etavares


Posted 16 September 2010 - 06:18 PM

Hello, hamdog1.


Step 1

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.



Step 2

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares


 


#11 hamdog1


Posted 21 September 2010 - 03:08 PM

Etavares,

Sorry for the delay in responding. I lost internet access for a few days.

I can't run a complete Kaspersky scan. It gets to C:/System Volume...C76cc327FDO}RP1929 and then the scan quits. Since the complete scan doesn't finish, I can't get scan results for a complete scan.

I tried manually scanning several System Volume folders. I rescanned the folder that stopped the scan, and it did it again at the same spot. The spot is C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1913\A0194111.exe. In that volume, I can actually watch the processes under Task Manager and see the Kaspersky Scanning Process slow down and then disappear.

I manually scanned one System Volume folder and it showed two threats, and I was able to get a text document for that scan. I've attached it. When I tried to scan the other System Volume folders, Kaspersky acted strangely. It starts to scan objects, and slowly says that 1%, 2%, 3%, 4% has been scanned, and then all of a sudden it jumps to something like 88% or 98% scanned and then says the scan is complete with nothing found. The number of objects it scans seems to vary. For some System Volume folders it will only scan 39 or 40 items before it jumps, for some 150, while for others it will scan 1500 or more before it jumps to the end of the scan. Kaspersky is acting similarly to scans I've done with SUPERAntiSpyware and the GMER scan you asked me to run (described in previous posts). The antivirus/spyware scans get to a certain point and then seem to zoom to the end way before they should.

One other thing I noticed with the Kaspersky scan. There is a timer on the scanner to count the amount of time the scan takes. Sometimes that clock sits still for long periods of time. I don't know if that's a delay caused by the Kaspersky site, but it takes more than twice as long to do many of the scans than the clock indicates. The full scan I tried to do completed about 85% of the files, and the clock showed only a little more than 5 hours to get that far when it really took about 10 hours in real time.

I ran Malwarebytes and it found nothing.



Thanks again for your help,

Hamdog1

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 21, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 21, 2010 09:24:22
Records in database: 4235884
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:
C:\System Volume Information

Scan statistics:
Objects scanned: 2471
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 00:10:42


File name / Threat / Threats count
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1913\A0188200.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b 1
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1913\A0188201.DLL Infected: not-a-virus:AdWare.Win32.MyWay.j 1

Scanning stopped by the user.




#12 hamdog1


Posted 21 September 2010 - 03:18 PM

Etavares,

I apologize. This refers to the post I made a few minutes ago. The file where the scan is stopping is

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1929\A0194111.exe not RP1913\A0194111.exe. RP1913 is where Kaspersky found the two threats.

Sorry for the confusion.

Hamdog1

#13 etavares


Posted 21 September 2010 - 06:31 PM

OK, let's try ESET instead. The good news is those are leftovers and not active viruses. If worse gets to worse, you can uncheck the system volume information section as we'll purge your system restore points as part of the clean up. Here's ESET:

Hello, hamdog1.


Step 1

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push


etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#14 hamdog1

Posted 22 September 2010 - 04:04 PM

Etavares,

When I opened ESET Scan it had boxes for removing found threats and scanning archives. "Remove found threats" was already checked, but since your e-mail said to check the scan archives box, I guessed that you didn't want the Scan to remove the threats yet, so I unchecked the remove found threats box. I hope that was right. Here is the result of the ESET Scan. It said it found 6 threats.

C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1913\A0188197.exe Win32/Agent.NVP trojan
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1913\A0188198.exe Win32/Agent.NVP trojan
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1913\A0188199.EXE Win32/Agent.NVP trojan
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1913\A0188201.DLL Win32/Adware.MyWaySpeed application
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1916\A0193191.DLL Win32/Toolbar.AskSBar application
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1916\A0193195.DLL a variant of Win32/Toolbar.MyWebSearch application

Thanks,

Hamdog1

#15 etavares

Posted 22 September 2010 - 05:29 PM

Hello, hamdog1.

OK, those are all inactive leftovers... we'll clean that up ourselves at the end. I'm guessing you're still having those issues? What you describe may not be malware related, but we can work through it. Let's run ComboFix to be sure.



Step 1

Next, please download ComboFix from one of these locations:

  • IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
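
The reasoning in replies #13 and #15, that every detection is an inactive copy inside a System Restore point, can be checked mechanically against the ESET lines from reply #14. This is an added example, not part of the original posts; the function names and the one constructed live-path line are assumptions for illustration.

```python
import re
from collections import defaultdict

# The six detection lines posted in reply #14, copied from this thread.
ESET_LOG = r"""
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1913\A0188197.exe Win32/Agent.NVP trojan
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1913\A0188198.exe Win32/Agent.NVP trojan
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1913\A0188199.EXE Win32/Agent.NVP trojan
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1913\A0188201.DLL Win32/Adware.MyWaySpeed application
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1916\A0193191.DLL Win32/Toolbar.AskSBar application
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP1916\A0193195.DLL a variant of Win32/Toolbar.MyWebSearch application
"""

# Constructed line (not from the thread): a detection outside the restore store.
LIVE_SAMPLE = r"C:\Program Files\ExampleToolbar\bar.dll Win32/Example.Placeholder application"

# Restore-point copies, as in the paths above, have the form
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}"
    r"\\RP(?P<rp>\d+)\\(?P<file>A\d+\.\w+)\s+(?P<threat>.+)$",
    re.IGNORECASE,
)

def triage(log_text):
    """Split detections into {restore point: [(file, threat)]} and lines found elsewhere."""
    by_rp, elsewhere = defaultdict(list), []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RESTORE_RE.match(line)
        if m:
            by_rp[int(m["rp"])].append((m["file"], m["threat"]))
        else:
            elsewhere.append(line)  # not a restore-point copy: needs a closer look
    return dict(by_rp), elsewhere

def only_restore_leftovers(log_text):
    """True when there is at least one detection and all of them sit in restore points."""
    by_rp, elsewhere = triage(log_text)
    return bool(by_rp) and not elsewhere

if __name__ == "__main__":
    by_rp, elsewhere = triage(ESET_LOG)
    for rp in sorted(by_rp):
        print(f"RP{rp}: {len(by_rp[rp])} detection(s)")
    print("restore-point leftovers only:", only_restore_leftovers(ESET_LOG))
    print("with a live-path detection added:", only_restore_leftovers(ESET_LOG + LIVE_SAMPLE))
```

A line that lands in the second list points at a file outside the restore store, so purging restore points alone would not remove it.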
