TechSpot

Google hijack virus - completed the 6 steps and need help

By bowneline
Mar 7, 2011
  1. I first completed steps 1-3 without any hits from the virus/malware software. My search engines are still being hijacked.

    Step 3, Malwarebytes:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/7/2011 2:26:12 PM
    mbam-log-2011-03-07 (14-26-12).txt

    Scan type: Quick scan
    Objects scanned: 206622
    Time elapsed: 17 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Step 4, GMER:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-07 16:17:42
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 ST380815AS rev.3.CHF
    Running: tnrfrkgc.exe; Driver: C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8B05C430 ZwAlertResumeThread
    SSDT 8AE82630 ZwAlertThread
    SSDT \SystemRoot\system32\drivers\dwprot.sys ZwAllocateVirtualMemory [0xA5D0B088]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateKey [0xA5B8F6FA]
    SSDT 8AE6E998 ZwCreateMutant
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcess [0xA5B6DF68]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcessEx [0xA5B6E230]
    SSDT \SystemRoot\system32\drivers\dwprot.sys ZwCreateThread [0xA5D0C1E0]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwDeleteKey [0xA5B900B4]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwDeleteValueKey [0xA5B9043E]
    SSDT \SystemRoot\system32\drivers\dwprot.sys ZwFreeVirtualMemory [0xA5D0B306]
    SSDT 8AF254B0 ZwImpersonateAnonymousToken
    SSDT 8AEC7270 ZwImpersonateThread
    SSDT 8AF402A8 ZwMapViewOfSection
    SSDT 8AED3630 ZwOpenEvent
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwOpenKey [0xA5B8E938]
    SSDT 8B0260A8 ZwOpenProcessToken
    SSDT \SystemRoot\system32\drivers\dwprot.sys ZwOpenSection [0xA5D0AED2]
    SSDT 8AE5BD28 ZwOpenThreadToken
    SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBA29D8B0]
    SSDT \SystemRoot\system32\drivers\dwprot.sys ZwQueueApcThread [0xA5D0C2E2]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwRenameKey [0xA5B90982]
    SSDT 8AF58380 ZwResumeThread
    SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSetContextThread [0xA5D0C32E]
    SSDT 8AE5BDB8 ZwSetInformationProcess
    SSDT 8AF91180 ZwSetInformationThread
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwSetValueKey [0xA5B8FAB8]
    SSDT 8AF80610 ZwSuspendProcess
    SSDT 8AF4F510 ZwSuspendThread
    SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSystemDebugControl [0xA5D0AE00]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwTerminateProcess [0xA5B6D9D8]
    SSDT 8AE887F8 ZwTerminateThread
    SSDT 8AF58A30 ZwUnmapViewOfSection
    SSDT \SystemRoot\system32\drivers\dwprot.sys ZwWriteVirtualMemory [0xA5D0B416]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C90 8050452C 4 Bytes JMP 1132D017
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [10, 06, F8, 8A, 10, F5, F4, ...]
    ? system32\drivers\dwprot.sys The system cannot find the path specified. !
    ? C:\DOCUME~1\gbowne\LOCALS~1\Temp\911qXxk1.sys The system cannot find the file specified. !
    ? system32\drivers\pctDS.sys The system cannot find the path specified. !
    ? system32\drivers\pctEFA.sys The system cannot find the path specified. !
    ? system32\drivers\PCTCore.sys The system cannot find the path specified. !
    ? C:\Program Files\PC Tools Security\PCTSDInj32.sys The system cannot find the file specified. !
    ? C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpow.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FC0001
    .text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[952] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01480001
    .text C:\Program Files\Symantec AntiVirus\SmcGui.exe[1708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02F60001
    .text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FC0001
    .text C:\WINDOWS\system32\igfxpers.exe[2548] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EB0001
    .text ...
    .text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[3680] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 30F8F621 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
    .text C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE[3700] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 30F8F621 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
    .text C:\WINDOWS\system32\hkcmd.exe[3872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E00001
    .text C:\Program Files\iTunes\iTunesHelper.exe[3896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01850001

    ---- Devices - GMER 1.0.15 ----

    Device 89AA46F0
    Device 88E44C78
    Device 897E7E98
    Device 88FCA780
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device 88AFCDE0
    Device 898913A8
    Device 890267C0
    Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys

    Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys

    Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
    Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys
    Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys

    Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

    AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys

    Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
    ---- Processes - GMER 1.0.15 ----

    Library C:\Program (*** hidden *** ) @ C:\Program Files\Symantec AntiVirus\Smc.exe [1552] 0x10000000
    Library C:\Program (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1588] 0x10000000

    ---- EOF - GMER 1.0.15 ----


    Step 5, DDS:

    DDS:

    DDS (Ver_11-03-05.01) - NTFSx86
    Run by gbowne at 16:28:14.06 on Mon 03/07/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2426 [GMT -8:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Symantec AntiVirus\Smc.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\SmcGui.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\gbowne\Desktop\dds.pif
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ocintranet.ocgov.com/
    uInternet Connection Wizard,ShellNext = hxxp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3459245&prodTypeId=12454&prodSeriesId=3459241&swLang=13&taskId=135&swEnvOID=1093
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Time Matters: {00f17ece-12da-46a0-b541-bde4eb7df027} - c:\tmw7e\TMIETB.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Time Matters: {00f17ece-12da-46a0-b541-bde4eb7df027} - c:\tmw7e\TMIETB.DLL
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10m_ActiveX.exe -update activex
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [LayoutM] KLayMgr.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    Trusted Zone: efile1.occourts.org
    Trusted Zone: lexis.com
    Trusted Zone: lexisnexis.com
    Trusted Zone: microsoft.com
    Trusted Zone: ocgov.com\webproxy-1
    Trusted Zone: ocgov.com\webproxy-2
    Trusted Zone: ocgov.com\webproxy-3
    Trusted Zone: ocgov.com\webproxy-4
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217454450312
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217454501750
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://coco.sweb.ocgov.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\gbowne\applic~1\mozilla\firefox\profiles\meiijc8o.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-3 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-3 108392]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2010-5-3 1831024]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-10 102448]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110303.021\NAVENG.SYS [2011-3-3 86008]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110303.021\NAVEX15.SYS [2011-3-3 1360760]
    R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctds.sys --> c:\windows\system32\drivers\pctDS.sys [?]
    R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctefa.sys --> c:\windows\system32\drivers\pctEFA.sys [?]
    RUnknown DwProt;DwProt; [x]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-5-3 23888]
    S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [2008-7-30 46976]
    S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [2004-10-24 7796]
    .
    =============== Created Last 30 ================
    .
    2011-03-07 22:08:30 -------- d-----w- c:\docume~1\gbowne\applic~1\Malwarebytes
    2011-03-07 21:40:38 -------- d-----w- c:\program files\PC Tools Security
    2011-03-07 21:40:38 -------- d-----w- c:\program files\common files\PC Tools
    2011-03-07 20:26:33 -------- d-----w- c:\documents and settings\gbowne\DoctorWeb
    2011-03-07 20:11:58 388096 ----a-r- c:\docume~1\gbowne\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-03-07 20:11:57 -------- d-----w- c:\program files\Trend Micro
    2011-03-07 19:21:55 -------- d-----w- c:\docume~1\gbowne\applic~1\f-secure
    2011-03-07 19:21:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
    2011-03-04 04:12:51 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
    2011-03-04 00:57:00 -------- dc-h--w- c:\windows\ie8
    2011-03-02 22:11:12 98304 --sha-r- c:\windows\system32\ntlanui2I.dll
    2011-02-17 22:36:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Juniper Networks
    2011-02-17 22:36:16 -------- d-----w- c:\docume~1\gbowne\applic~1\Juniper Networks
    2011-02-08 23:42:46 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
    .
    ==================== Find3M ====================
    .
    2011-02-03 05:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-03 03:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
    2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .
    ============= FINISH: 16:28:34.49 ===============


    Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/6/2008 10:18:32 AM
    System Uptime: 3/5/2011 7:38:26 AM (57 hours ago)
    .
    Motherboard: Hewlett-Packard | | 0AA8h
    Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | XU1 PROCESSOR | 2327/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 64 GiB total, 44.345 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 6.215 GiB free.
    E: is CDROM (CDFS)
    G: is NetworkDisk (NTFS) - 92 GiB total, 20.196 GiB free.
    L: is NetworkDisk (NTFS) - 92 GiB total, 20.196 GiB free.
    N: is NetworkDisk (NTFS) - 92 GiB total, 20.196 GiB free.
    T: is NetworkDisk (NTFS) - 106 GiB total, 66.742 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Serial Port
    Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_2818103C&REV_02\3&B1BFB68&0&1B
    Manufacturer:
    Name: PCI Serial Port
    PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_2818103C&REV_02\3&B1BFB68&0&1B
    Service:
    .
    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: PS/2 Compatible Mouse
    Device ID: ACPI\PNP0F13\4&16E8443F&0
    Manufacturer: Microsoft
    Name: PS/2 Compatible Mouse
    PNP Device ID: ACPI\PNP0F13\4&16E8443F&0
    Service: i8042prt
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ACPI\IFX0102\1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\IFX0102\1
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 3/3/2011 4:55:04 PM - System Checkpoint
    RP2: 3/3/2011 4:59:04 PM - Installed Windows Internet Explorer 8.
    RP3: 3/3/2011 5:00:04 PM - Software Distribution Service 3.0
    RP4: 3/4/2011 3:00:15 AM - Software Distribution Service 3.0
    RP5: 3/5/2011 3:21:34 AM - System Checkpoint
    RP6: 3/6/2011 3:43:10 AM - System Checkpoint
    RP7: 3/7/2011 4:43:09 AM - System Checkpoint
    RP8: 3/7/2011 12:11:56 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    32 Bit HP BiDi Channel Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.2
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Compatibility Pack for the 2007 Office system
    Configuration Manager Client
    Critical Update for Windows Media Player 11 (KB959772)
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Help and Support
    HP Product Detection
    HP USB Smart Card Keyboard
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections 12.4.38.0
    Intel® Management Engine Interface
    InterVideo WinDVD
    iPhone Configuration Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Juniper Networks Setup Client
    Juniper Terminal Services Client
    Legal Solutions Plus
    LightScribe System Software 1.12.29.2
    LiveUpdate 3.3 (Symantec Corporation)
    LS Plus Form Installer
    LS Plus Product Browser
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MobileMe Control Panel
    Mozilla Firefox (3.6.12)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    OGA Notifier 2.0.0048.0
    PDF-XChange 3
    QuickTime
    RDC
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype web features
    Skype™ 4.1
    Sonic Activation Module
    SoundMAX
    Symantec Endpoint Protection
    Time Matters 7.0 Enterprise - Legal Series
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    WIMGAPI
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/7/2011 11:38:30 AM, error: PlugPlayManager [11] - The device Root\LEGACY_FSBL\0000 disappeared from the system without first being prepared for removal.
    3/3/2011 4:55:39 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
    2/28/2011 8:48:40 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
    2/28/2011 8:44:55 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  3. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    MBRCheck report:


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0008285c

    Kernel Drivers (total 141):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E5000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9F23000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9F0B000 atapi.sys
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9EEB000 fltmgr.sys
    0xB9ED9000 sr.sys
    0xBA0F8000 PxHelp20.sys
    0xB9EC2000 KSecDD.sys
    0xB9E35000 Ntfs.sys
    0xB9E08000 NDIS.sys
    0xB9DEE000 Mup.sys
    0xBA6E4000 \SystemRoot\system32\DRIVERS\smsmdm.sys
    0xB98B2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB932F000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xBA188000 \SystemRoot\system32\DRIVERS\HECI.sys
    0xB92F2000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xBA3D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB92CE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA3D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB92A6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA198000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA3E0000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA3E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB9292000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA1A8000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA574000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xBA3F0000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xBA1B8000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA1C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA1D8000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB926F000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA3F8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xBA1E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA57C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xBA6EF000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA1F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA580000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9258000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA208000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA400000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB91FA000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA408000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA410000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB90AA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB9088000 \SystemRoot\system32\DRIVERS\teefer2.sys
    0xBA5CE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB902A000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9DCA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA288000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA2F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xA8E93000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0xA8E6F000 \SystemRoot\system32\drivers\portcls.sys
    0xBA318000 \SystemRoot\system32\drivers\drmk.sys
    0xA8E55000 \SystemRoot\system32\drivers\AEAudio.sys
    0xA8DE2000 \SystemRoot\System32\Drivers\SRTSP.SYS
    0xA8C97000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110303.021\NAVEX15.SYS
    0xA8C72000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xA8C5E000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110303.021\NAVENG.SYS
    0xB98CE000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA158000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA440000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB98CA000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB918A000 \SystemRoot\System32\Drivers\SRTSPX.SYS
    0xBA5E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA72C000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5EA000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA458000 \SystemRoot\System32\drivers\vga.sys
    0xBA5EC000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA460000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA468000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA550000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA8C2B000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA8BD2000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xBA298000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
    0xA8BAC000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA8B5C000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA8B3A000 \SystemRoot\System32\drivers\afd.sys
    0xBA118000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA8AD0000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    0xA8AA5000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA8A35000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA238000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA8937000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xA891A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xB915A000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA8902000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA604000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xBA590000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA480000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA747000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1D9000 \SystemRoot\System32\igxpdx32.DLL
    0xA87DA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA8425000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xBA664000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xA80FD000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBF459000 \SystemRoot\System32\ATMFD.DLL
    0xA7CD4000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA7ED5000 \??\C:\WINDOWS\system32\CCM\prepdrv.sys
    0xBA4A0000 \SystemRoot\System32\Drivers\TDTCP.SYS
    0xA7B49000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xA797C000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA7DCD000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA5CF7000 \SystemRoot\system32\drivers\dwprot.sys
    0xA5CC4000 \??\C:\DOCUME~1\gbowne\LOCALS~1\Temp\911qXxk1.sys
    0xA5C42000 \SystemRoot\system32\drivers\pctDS.sys
    0xA5B9D000 \SystemRoot\system32\drivers\pctEFA.sys
    0xA5B60000 \SystemRoot\system32\drivers\PCTCore.sys
    0xA6375000 \??\C:\Program Files\PC Tools Security\PCTSDInj32.sys
    0xA5B50000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xA5780000 \??\C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpow.sys
    0xA573D000 \??\C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpoc.sys
    0xA56EA000 \??\C:\WINDOWS\system32\drivers\WpsHelper.sys
    0xBA3B0000 \??\C:\DOCUME~1\gbowne\LOCALS~1\Temp\mbr.sys
    0xA545C000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 48):
    0 System Idle Process
    4 System
    860 C:\WINDOWS\system32\smss.exe
    908 csrss.exe
    932 C:\WINDOWS\system32\winlogon.exe
    976 C:\WINDOWS\system32\services.exe
    988 C:\WINDOWS\system32\lsass.exe
    1140 C:\WINDOWS\system32\svchost.exe
    1256 svchost.exe
    1392 C:\WINDOWS\system32\svchost.exe
    1552 C:\Program Files\Symantec AntiVirus\Smc.exe
    1588 svchost.exe
    1780 svchost.exe
    1880 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    236 C:\WINDOWS\system32\spoolsv.exe
    292 scardsvr.exe
    368 svchost.exe
    536 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    596 C:\WINDOWS\system32\rundll32.exe
    660 C:\Program Files\Bonjour\mDNSResponder.exe
    704 C:\Program Files\Java\jre6\bin\jqs.exe
    1344 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1468 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    1504 C:\WINDOWS\system32\svchost.exe
    1520 C:\WINDOWS\system32\svchost.exe
    1568 C:\WINDOWS\system32\svchost.exe
    1612 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    396 C:\WINDOWS\system32\CCM\CcmExec.exe
    2224 alg.exe
    2416 wmiprvse.exe
    3336 wmiprvse.exe
    3324 C:\WINDOWS\explorer.exe
    1708 C:\Program Files\Symantec AntiVirus\SmcGui.exe
    432 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    3872 C:\WINDOWS\system32\hkcmd.exe
    2428 C:\WINDOWS\system32\igfxsrvc.exe
    2548 C:\WINDOWS\system32\igfxpers.exe
    952 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    3896 C:\Program Files\iTunes\iTunesHelper.exe
    3672 C:\WINDOWS\system32\ctfmon.exe
    3028 C:\Program Files\iPod\bin\iPodService.exe
    3700 C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
    3680 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    4900 C:\Program Files\Internet Explorer\iexplore.exe
    4324 C:\Program Files\Internet Explorer\iexplore.exe
    2076 C:\Program Files\Internet Explorer\iexplore.exe
    4564 C:\Program Files\Internet Explorer\iexplore.exe
    4208 C:\Documents and Settings\gbowne\Local Settings\Temporary Internet Files\Content.IE5\X6HE2XKT\MBRCheck[1].exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000010`1aa33200 (NTFS)

    PhysicalDrive0 Model Number: ST380815AS, Rev: 3.CHF

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!

    RKUunhooker report:

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xB932F000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5779456 bytes (Intel Corporation, Intel Graphics Miniport Driver)
    0xBF1D9000 C:\WINDOWS\System32\igxpdx32.DLL 2621440 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1617920 bytes (Intel Corporation, Component GHAL Driver)
    0xA8C97000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110303.021\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)
    0xA5B9D000 C:\WINDOWS\system32\drivers\pctEFA.sys 675840 bytes
    0xB9E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xA8A35000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xA8AD0000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 434176 bytes (Symantec Corporation, SPBBC Driver)
    0xA8937000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
    0xB902A000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xA8BD2000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xA80FD000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xA5C42000 C:\WINDOWS\system32\drivers\pctDS.sys 356352 bytes
    0xA8E93000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 323584 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
    0xA8DE2000 C:\WINDOWS\System32\Drivers\SRTSP.SYS 307200 bytes (Symantec Corporation, Symantec AutoProtect)
    0xBF459000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xA7CD4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB92F2000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 249856 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver)
    0xA5B60000 C:\WINDOWS\system32\drivers\PCTCore.sys 249856 bytes
    0xA5CC4000 C:\DOCUME~1\gbowne\LOCALS~1\Temp\911qXxk1.sys 208896 bytes
    0xB90AA000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xA8425000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB9E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xA545C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xA8AA5000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
    0xB92A6000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xA8B5C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xA56EA000 C:\WINDOWS\system32\drivers\WpsHelper.sys 163840 bytes (Symantec Corporation, Symantec Intrusion Detection - WpsHelper)
    0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xA8BAC000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xA8C72000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
    0xA8E6F000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB92CE000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB926F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xA7B49000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
    0xA8B3A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xB9088000 C:\WINDOWS\system32\DRIVERS\teefer2.sys 139264 bytes (Symantec Corporation, Symantec CMC Firewall Teefer2)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xA5CF7000 C:\WINDOWS\system32\drivers\dwprot.sys 131072 bytes
    0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xA891A000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
    0xA8E55000 C:\WINDOWS\system32\drivers\AEAudio.sys 106496 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
    0xB9DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xA573D000 C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpoc.sys 98304 bytes
    0xA5780000 C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpow.sys 98304 bytes
    0xA8902000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB9258000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xA797C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xA8C5E000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110303.021\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
    0xB9292000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xB98B2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xA8C2B000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
    0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB91FA000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xB915A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xBA1C8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xBA1A8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xBA318000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xBA1D8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xA7DCD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xBA2F8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBA298000 C:\WINDOWS\system32\drivers\wpsdrvnt.sys 57344 bytes (Symantec Corporation, Symantec CMC Firewall WPS)
    0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xBA198000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xBA1F8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xBA218000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xBA238000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xBA188000 C:\WINDOWS\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel(R) Management Engine Interface)
    0xBA1B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xBA208000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xBA288000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB918A000 C:\WINDOWS\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
    0xBA268000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xBA158000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xBA1E8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xBA228000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xBA118000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xA59F8000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xA6375000 C:\Program Files\PC Tools Security\PCTSDInj32.sys 36864 bytes
    0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xBA2A8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBA468000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xBA3F0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xBA440000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xBA3B0000 C:\DOCUME~1\gbowne\LOCALS~1\Temp\mbr.sys 28672 bytes
    0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xBA3F8000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xBA3E8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xBA3E0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xBA4A0000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
    0xBA3D0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xBA458000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xBA460000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xBA408000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBA410000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBA400000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xBA480000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB9DCA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xA87DA000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xA7ED5000 C:\WINDOWS\system32\CCM\prepdrv.sys 16384 bytes (Microsoft Corporation, SMS Software Metering Process Event Driver)
    0xBA574000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xBA590000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xB98CE000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xB98CA000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xBA580000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xBA550000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xBA57C000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0xA5B50000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0xBA5EA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xBA604000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xBA5E6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBA5EC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBA664000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xBA5EE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBA5CE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBA5D8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBA6EF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBA747000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xBA72C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xBA6E4000 C:\WINDOWS\system32\DRIVERS\smsmdm.sys 4096 bytes (Microsoft Corporation, RDP Miniport)
    0x898913A8 unknown_irp_handler 3160 bytes
    0x89AA46F0 unknown_irp_handler 2320 bytes
    0x88FCA780 unknown_irp_handler 2176 bytes
    0x890267C0 unknown_irp_handler 2112 bytes
    0x88E44C78 unknown_irp_handler 904 bytes
    0x88AFCDE0 unknown_irp_handler 544 bytes
    0x897E7E98 unknown_irp_handler 360 bytes
    ==============================================
    >Stealth
    ==============================================


    Nothing detected :(
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    Thank you very much for your help.

    I ran ComboFix. When it asked me to install a Recovery Console, I said "okay," but then it said that i was not conntected to the internet. I check my computer, it said that I was connected to the internet. So, I ran the program, but apparanlty without the Recovery Console.

    Here is the Combofix.txt:

    ComboFix 11-03-08.03 - gbowne 03/09/2011 8:57.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2895 [GMT -8:00]
    Running from: F:\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Quicktime\QTTask.exe
    D:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-08 22:07 . 2011-03-08 22:07 -------- d-----w- c:\program files\iPod
    2011-03-08 22:07 . 2011-03-08 22:08 -------- d-----w- c:\program files\iTunes
    2011-03-08 22:03 . 2011-03-08 22:03 -------- d-----w- c:\program files\Bonjour
    2011-03-07 22:08 . 2011-03-07 22:08 -------- d-----w- c:\documents and settings\gbowne\Application Data\Malwarebytes
    2011-03-07 21:40 . 2011-03-07 21:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-03-07 20:26 . 2011-03-07 20:26 -------- d-----w- c:\documents and settings\gbowne\DoctorWeb
    2011-03-07 20:11 . 2011-03-07 20:11 388096 ----a-r- c:\documents and settings\gbowne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-07 20:11 . 2011-03-07 20:11 -------- d-----w- c:\program files\Trend Micro
    2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\gbowne\Application Data\f-secure
    2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2011-03-04 04:12 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
    2011-03-04 00:57 . 2011-03-04 00:59 -------- dc-h--w- c:\windows\ie8
    2011-03-02 22:11 . 2011-03-02 22:11 98304 --sha-r- c:\windows\system32\ntlanui2I.dll
    2011-02-22 16:28 . 2011-02-22 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
    2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\gbowne\Application Data\Juniper Networks
    2011-02-08 23:42 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 05:40 . 2010-04-20 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-03 03:19 . 2008-08-28 00:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-21 02:09 . 2009-09-03 14:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 02:08 . 2009-09-03 14:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
    "LayoutM"="KLayMgr.exe" [2004-08-26 45056]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-03 115560]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1268\Scripts\Logon\0\0]
    "Script"=TS-webproxy.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logoff\0\0]
    "Script"=map-delete.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\0\0]
    "Script"=TS-webproxy.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\0]
    "Script"=logonscript.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\1]
    "Script"=checkcite.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\2]
    "Script"=Lexis trusted site.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/10/2010 8:02 PM 102448]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/3/2010 9:57 AM 23888]
    S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [7/30/2008 3:31 PM 46976]
    S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/24/2004 11:04 PM 7796]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-01-24 19:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ocintranet.ocgov.com/
    uInternet Connection Wizard,ShellNext = hxxp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3459245&prodTypeId=12454&prodSeriesId=3459241&swLang=13&taskId=135&swEnvOID=1093
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: efile1.occourts.org
    Trusted Zone: lexis.com
    Trusted Zone: lexisnexis.com
    Trusted Zone: microsoft.com
    Trusted Zone: ocgov.com\webproxy-1
    Trusted Zone: ocgov.com\webproxy-2
    Trusted Zone: ocgov.com\webproxy-3
    Trusted Zone: ocgov.com\webproxy-4
    FF - ProfilePath - c:\documents and settings\gbowne\Application Data\Mozilla\Firefox\Profiles\meiijc8o.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    SafeBoot-Symantec Antvirus
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-09 09:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(932)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2011-03-09 09:08:44
    ComboFix-quarantined-files.txt 2011-03-09 17:08
    .
    Pre-Run: 47,502,958,592 bytes free
    Post-Run: 48,903,090,176 bytes free
    .
    - - End Of File - - 5E35E2E219F3CC37D0C2D857575F8980
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    My instructions clearly say to run Combofix from computer's desktop.
    Copy combofix.exe to your desktop and re-run it.
    Post new log.

    ===================================================================

    Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
    Upload following files to http://www.virustotal.com/ for security check:
    - c:\windows\system32\ntlanui2I.dll
    If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  7. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    Sorry about not running it from the desktop. I ran it from the desktop and the results are below. I also ran the file you cited on virustotal.com The results are also below. Thank you very much.

    Combofix:

    ComboFix 11-03-08.03 - gbowne 03/09/2011 9:56.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2777 [GMT -8:00]
    Running from: c:\documents and settings\gbowne\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-08 22:07 . 2011-03-08 22:07 -------- d-----w- c:\program files\iPod
    2011-03-08 22:07 . 2011-03-08 22:08 -------- d-----w- c:\program files\iTunes
    2011-03-08 22:03 . 2011-03-08 22:03 -------- d-----w- c:\program files\Bonjour
    2011-03-07 22:08 . 2011-03-07 22:08 -------- d-----w- c:\documents and settings\gbowne\Application Data\Malwarebytes
    2011-03-07 21:40 . 2011-03-07 21:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-03-07 20:26 . 2011-03-07 20:26 -------- d-----w- c:\documents and settings\gbowne\DoctorWeb
    2011-03-07 20:11 . 2011-03-07 20:11 388096 ----a-r- c:\documents and settings\gbowne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-07 20:11 . 2011-03-07 20:11 -------- d-----w- c:\program files\Trend Micro
    2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\gbowne\Application Data\f-secure
    2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2011-03-04 04:12 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
    2011-03-04 00:57 . 2011-03-04 00:59 -------- dc-h--w- c:\windows\ie8
    2011-03-02 22:11 . 2011-03-02 22:11 98304 --sha-r- c:\windows\system32\ntlanui2I.dll
    2011-02-22 16:28 . 2011-02-22 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
    2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\gbowne\Application Data\Juniper Networks
    2011-02-08 23:42 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 05:40 . 2010-04-20 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-03 03:19 . 2008-08-28 00:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-21 02:09 . 2009-09-03 14:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 02:08 . 2009-09-03 14:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
    "LayoutM"="KLayMgr.exe" [2004-08-26 45056]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-03 115560]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1268\Scripts\Logon\0\0]
    "Script"=TS-webproxy.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logoff\0\0]
    "Script"=map-delete.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\0\0]
    "Script"=TS-webproxy.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\0]
    "Script"=logonscript.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\1]
    "Script"=checkcite.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\2]
    "Script"=Lexis trusted site.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/10/2010 8:02 PM 102448]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/3/2010 9:57 AM 23888]
    S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [7/30/2008 3:31 PM 46976]
    S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/24/2004 11:04 PM 7796]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-01-24 19:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ocintranet.ocgov.com/
    uInternet Connection Wizard,ShellNext = hxxp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3459245&prodTypeId=12454&prodSeriesId=3459241&swLang=13&taskId=135&swEnvOID=1093
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: efile1.occourts.org
    Trusted Zone: lexis.com
    Trusted Zone: lexisnexis.com
    Trusted Zone: microsoft.com
    Trusted Zone: ocgov.com\webproxy-1
    Trusted Zone: ocgov.com\webproxy-2
    Trusted Zone: ocgov.com\webproxy-3
    Trusted Zone: ocgov.com\webproxy-4
    FF - ProfilePath - c:\documents and settings\gbowne\Application Data\Mozilla\Firefox\Profiles\meiijc8o.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-09 09:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(932)
    c:\windows\system32\igfxdev.dll
    .
    - - - - - - - > 'explorer.exe'(552)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-03-09 10:00:18
    ComboFix-quarantined-files.txt 2011-03-09 18:00
    .
    Pre-Run: 48,869,584,896 bytes free
    Post-Run: 48,888,504,320 bytes free
    .
    - - End Of File - - F33730F753E205AA34380924352DE6C4


    Virustotal.com results:

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name: ntdll.dll
    Submission date: 2011-03-09 18:03:37 (UTC)
    Current status: queued queued analysing finished


    Result: 0/ 43 (0.0%)
    VT Community

    not reviewed
    Safety score: -
    Compact Print results Antivirus Version Last Update Result
    AhnLab-V3 2011.03.09.02 2011.03.09 -
    AntiVir 7.11.4.141 2011.03.09 -
    Antiy-AVL 2.0.3.7 2011.03.09 -
    Avast 4.8.1351.0 2011.03.09 -
    Avast5 5.0.677.0 2011.03.09 -
    AVG 10.0.0.1190 2011.03.09 -
    BitDefender 7.2 2011.03.09 -
    CAT-QuickHeal 11.00 2011.03.09 -
    ClamAV 0.96.4.0 2011.03.09 -
    Commtouch 5.2.11.5 2011.03.09 -
    Comodo 7925 2011.03.09 -
    DrWeb 5.0.2.03300 2011.03.09 -
    Emsisoft 5.1.0.2 2011.03.09 -
    eSafe 7.0.17.0 2011.03.07 -
    eTrust-Vet 36.1.8205 2011.03.09 -
    F-Prot 4.6.2.117 2011.03.09 -
    F-Secure 9.0.16440.0 2011.03.09 -
    Fortinet 4.2.254.0 2011.03.09 -
    GData 21 2011.03.09 -
    Ikarus T3.1.1.97.0 2011.03.09 -
    Jiangmin 13.0.900 2011.03.09 -
    K7AntiVirus 9.92.4065 2011.03.09 -
    Kaspersky 7.0.0.125 2011.03.09 -
    McAfee 5.400.0.1158 2011.03.09 -
    McAfee-GW-Edition 2010.1C 2011.03.09 -
    Microsoft 1.6603 2011.03.09 -
    NOD32 5939 2011.03.09 -
    Norman 6.07.03 2011.03.09 -
    nProtect 2011-02-10.01 2011.02.15 -
    Panda 10.0.3.5 2011.03.09 -
    PCTools 7.0.3.5 2011.03.09 -
    Prevx 3.0 2011.03.09 -
    Rising 23.48.02.06 2011.03.09 -
    Sophos 4.63.0 2011.03.09 -
    SUPERAntiSpyware 4.40.0.1006 2011.03.09 -
    Symantec 20101.3.0.103 2011.03.09 -
    TheHacker 6.7.0.1.146 2011.03.08 -
    TrendMicro 9.200.0.1012 2011.03.09 -
    TrendMicro-HouseCall 9.200.0.1012 2011.03.09 -
    VBA32 3.12.14.3 2011.03.09 -
    VIPRE 8648 2011.03.09 -
    ViRobot 2011.3.9.4349 2011.03.09 -
    VirusBuster 13.6.243.0 2011.03.09 -
    Additional informationShow all
    MD5 : f8f0d25ca553e39dde485d8fc7fcce89
    SHA1 : 66e2618e7aaf0b59e44aea5431893f3a765bb87b
    SHA256: 54df909101aaec63234a5c33b51d6689fef58b943942bffa9606864f43ec1085
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


    Go to Microsoft's website => http://support.microsoft.com/kb/310994

    Select the download that's appropriate for your Operating System

    [​IMG]


    Download the file & save it as it's originally named.


    ---------------------------------------------------------------------

    Transfer all files you just downloaded, to the desktop of the infected computer.

    --------------------------------------------------------------------


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    [​IMG]


    • Drag the setup package onto ComboFix.exe and drop it.

    • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


      [​IMG]


    • At the next prompt, click 'Yes' to run the full ComboFix scan.

    • When the tool is finished, it will produce a report for you.
    Please post the C:\ComboFix.txt.
     
  9. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    Thanks for the words of advice on the Recovery Console. I want to make sure I don't screw anything up in downloading the right one.

    I went to the link you provided me on the Microsoft website to download the Recovery Console, but I can't determine which one of the many links is the appropirate Recovery Console. The link talks about downloading Set-up disks. I am not sure if that is the same thing as downloading the appropriate Recovery Console.

    It is a little more confusing because it looks like one of the graphics you copied into your reply is not coming up on my computer, so I am not sure if it is trying to tell me some important information that will make it more clear what I am suppossed to do.

    I would really appreciate a bit more guidance or clarification on downloading the right Recovery Console. It seems important, so I want to make sure I get it right.

    Thanks,
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

  11. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    Thanks for pointing me in the right direction with the Recovery Consule. I followed all your instructions and here is the updated report from ComboFix:


    ComboFix 11-03-08.03 - gbowne 03/09/2011 11:06:56.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2783 [GMT -8:00]
    Running from: c:\documents and settings\gbowne\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\gbowne\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-08 22:07 . 2011-03-08 22:07 -------- d-----w- c:\program files\iPod
    2011-03-08 22:07 . 2011-03-08 22:08 -------- d-----w- c:\program files\iTunes
    2011-03-08 22:03 . 2011-03-08 22:03 -------- d-----w- c:\program files\Bonjour
    2011-03-07 22:08 . 2011-03-07 22:08 -------- d-----w- c:\documents and settings\gbowne\Application Data\Malwarebytes
    2011-03-07 21:40 . 2011-03-07 21:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-03-07 20:26 . 2011-03-07 20:26 -------- d-----w- c:\documents and settings\gbowne\DoctorWeb
    2011-03-07 20:11 . 2011-03-07 20:11 388096 ----a-r- c:\documents and settings\gbowne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-03-07 20:11 . 2011-03-07 20:11 -------- d-----w- c:\program files\Trend Micro
    2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\gbowne\Application Data\f-secure
    2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2011-03-04 04:12 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
    2011-03-04 00:57 . 2011-03-04 00:59 -------- dc-h--w- c:\windows\ie8
    2011-03-02 22:11 . 2011-03-02 22:11 98304 --sha-r- c:\windows\system32\ntlanui2I.dll
    2011-02-22 16:28 . 2011-02-22 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
    2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\gbowne\Application Data\Juniper Networks
    2011-02-08 23:42 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-03 05:40 . 2010-04-20 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-03 03:19 . 2008-08-28 00:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-21 02:09 . 2009-09-03 14:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 02:08 . 2009-09-03 14:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:59 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
    2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-09_17.07.13 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
    "LayoutM"="KLayMgr.exe" [2004-08-26 45056]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-03 115560]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1268\Scripts\Logon\0\0]
    "Script"=TS-webproxy.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logoff\0\0]
    "Script"=map-delete.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\0\0]
    "Script"=TS-webproxy.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\0]
    "Script"=logonscript.vbs
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\1]
    "Script"=checkcite.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\2]
    "Script"=Lexis trusted site.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
    .
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/10/2010 8:02 PM 102448]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/3/2010 9:57 AM 23888]
    S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [7/30/2008 3:31 PM 46976]
    S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/24/2004 11:04 PM 7796]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-01-24 19:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ocintranet.ocgov.com/
    uInternet Connection Wizard,ShellNext = hxxp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3459245&prodTypeId=12454&prodSeriesId=3459241&swLang=13&taskId=135&swEnvOID=1093
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: efile1.occourts.org
    Trusted Zone: lexis.com
    Trusted Zone: lexisnexis.com
    Trusted Zone: microsoft.com
    Trusted Zone: ocgov.com\webproxy-1
    Trusted Zone: ocgov.com\webproxy-2
    Trusted Zone: ocgov.com\webproxy-3
    Trusted Zone: ocgov.com\webproxy-4
    FF - ProfilePath - c:\documents and settings\gbowne\Application Data\Mozilla\Firefox\Profiles\meiijc8o.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-09 11:10
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(932)
    c:\windows\system32\igfxdev.dll
    .
    - - - - - - - > 'explorer.exe'(4700)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-03-09 11:11:17
    ComboFix-quarantined-files.txt 2011-03-09 19:11
    ComboFix2.txt 2011-03-09 18:00
    .
    Pre-Run: 48,779,165,696 bytes free
    Post-Run: 48,839,221,248 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - DFE7489273943CF217B97AD2B153BA3E
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very good :)

    How is redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    The redirection problem appears to be gone!!

    I am going to follow your direction on the previous post with OTL, and with post results
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very good :)
     
  15. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    I ran the OTL software. I am copying the OTL.Txt report first, and then the Extras.txt report in a seperate reply.

    OTL.Txt:

    OTL logfile created on: 3/9/2011 2:01:46 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\gbowne\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 64.42 Gb Total Space | 45.48 Gb Free Space | 70.61% Space Free | Partition Type: NTFS
    Drive D: | 10.01 Gb Total Space | 6.22 Gb Free Space | 62.08% Space Free | Partition Type: NTFS
    Drive F: | 488.00 Mb Total Space | 449.95 Mb Free Space | 92.20% Space Free | Partition Type: FAT
    Drive G: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
    Drive L: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
    Drive N: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
    Drive T: | 105.66 Gb Total Space | 68.01 Gb Free Space | 64.37% Space Free | Partition Type: NTFS

    Computer Name: CCXPJ008 | User Name: gbowne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/09 13:32:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gbowne\Desktop\OTL.exe
    PRC - [2010/05/03 09:57:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/05/03 09:57:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/05/03 09:57:34 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
    PRC - [2010/05/03 09:57:34 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2010/05/03 09:57:34 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
    PRC - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/09 13:32:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gbowne\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - [2010/05/03 09:57:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/05/03 09:57:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/05/03 09:57:34 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
    SRV - [2010/05/03 09:57:34 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/05/03 09:57:34 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
    SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2009/09/18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/01/18 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110303.021\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/01/18 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110303.021\NAVENG.SYS -- (NAVENG)
    DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
    DRV - [2010/06/01 08:49:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2010/06/01 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/06/01 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/05/03 09:57:40 | 000,043,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
    DRV - [2010/05/03 09:57:36 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2010/05/03 09:57:36 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2010/05/03 09:57:36 | 000,097,096 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
    DRV - [2010/05/03 09:57:36 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
    DRV - [2010/05/03 09:57:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2010/05/03 09:57:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2010/05/03 09:57:30 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
    DRV - [2009/09/18 03:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2008/10/20 19:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
    DRV - [2007/12/20 15:32:12 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
    DRV - [2007/05/11 18:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2006/11/07 03:32:00 | 000,046,976 | R--- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPKBCCID.sys -- (HPKBCCID)
    DRV - [2004/10/24 23:04:00 | 000,007,796 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Stc2Dfu.sys -- (STC2DFU)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ocintranet.ocgov.com/
    IE - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/23 15:44:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/14 08:44:44 | 000,000,000 | ---D | M]

    [2009/09/09 16:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gbowne\Application Data\Mozilla\Extensions
    [2011/03/02 16:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gbowne\Application Data\Mozilla\Firefox\Profiles\meiijc8o.default\extensions
    [2010/04/28 14:02:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\gbowne\Application Data\Mozilla\Firefox\Profiles\meiijc8o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/02 16:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/20 07:22:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/23 07:08:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/20 07:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/20 08:26:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/02/22 08:28:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2010/04/20 07:22:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/03/09 09:07:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\tmw7e\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\tmw7e\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [LayoutM] C:\WINDOWS\KLayMgr.exe (Chicony)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: efile1.occourts.org ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: lexis.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: lexisnexis.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: microsoft.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: ocgov.com ([webproxy-1] http in Trusted sites)
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: ocgov.com ([webproxy-2] http in Trusted sites)
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: ocgov.com ([webproxy-3] http in Trusted sites)
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: ocgov.com ([webproxy-4] http in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217454450312 (WUWebControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1217454501750 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://coco.sweb.ocgov.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.252 172.31.0.148
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coco.ocgoventerprise.com
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/07/30 13:25:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/09 13:59:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gbowne\Desktop\OTL.exe
    [2011/03/09 11:06:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/03/09 08:52:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/03/09 08:52:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/03/09 08:52:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/03/09 08:52:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/03/09 08:52:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/03/09 08:50:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/08 14:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/03/08 14:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/03/08 14:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/03/08 14:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/03/08 14:02:04 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/03/07 14:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\Application Data\Malwarebytes
    [2011/03/07 13:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/03/07 12:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\DoctorWeb
    [2011/03/07 12:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/03/07 12:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\Start Menu\Programs\HiJackThis
    [2011/03/07 11:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\Application Data\f-secure
    [2011/03/07 11:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
    [2011/03/03 16:57:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/02/22 08:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2011/02/17 14:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\Start Menu\Programs\Juniper Networks
    [2011/02/17 14:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2011/02/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\Application Data\Juniper Networks
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/09 13:59:55 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\Microsoft Office Word 2003.lnk
    [2011/03/09 13:32:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gbowne\Desktop\OTL.exe
    [2011/03/09 11:06:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/03/09 09:07:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/03/08 18:41:38 | 004,283,114 | R--- | M] () -- C:\Documents and Settings\gbowne\My Documents\ComboFix.exe
    [2011/03/08 18:41:38 | 004,283,114 | R--- | M] () -- C:\Documents and Settings\gbowne\Desktop\ComboFix.exe
    [2011/03/08 14:58:39 | 000,446,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/08 14:58:39 | 000,073,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/08 14:56:33 | 000,000,473 | ---- | M] () -- C:\WINDOWS\smscfg.ini
    [2011/03/08 14:54:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/08 14:53:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/08 14:08:45 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/03/08 14:03:51 | 000,700,318 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/03/08 11:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/03/08 08:33:13 | 000,032,086 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\RKUunhooker
    [2011/03/07 16:28:00 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\dds.pif
    [2011/03/07 14:34:06 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\tnrfrkgc.exe
    [2011/03/07 12:12:12 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\HiJackThis.lnk
    [2011/03/04 03:01:13 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/03 17:04:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\gbowne\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/03 09:26:33 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
    [2011/03/02 16:52:01 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\gbowne\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/03/02 14:11:12 | 000,098,304 | RHS- | M] () -- C:\WINDOWS\System32\ntlanui2I.dll
    [2011/02/08 16:30:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\gbowne\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/02/08 15:51:18 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/09 11:06:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/03/09 11:06:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/03/09 09:54:06 | 004,283,114 | R--- | C] () -- C:\Documents and Settings\gbowne\Desktop\ComboFix.exe
    [2011/03/09 09:53:47 | 004,283,114 | R--- | C] () -- C:\Documents and Settings\gbowne\My Documents\ComboFix.exe
    [2011/03/09 08:52:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/03/09 08:52:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/03/09 08:52:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/03/09 08:52:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/03/09 08:52:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/08 14:08:45 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/03/08 08:33:13 | 000,032,086 | ---- | C] () -- C:\Documents and Settings\gbowne\Desktop\RKUunhooker
    [2011/03/07 16:27:59 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\gbowne\Desktop\dds.pif
    [2011/03/07 14:34:06 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\gbowne\Desktop\tnrfrkgc.exe
    [2011/03/07 13:41:06 | 000,700,318 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/03/07 12:11:57 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\gbowne\Desktop\HiJackThis.lnk
    [2011/03/03 17:04:24 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\gbowne\Start Menu\Programs\Internet Explorer.lnk
    [2011/03/02 14:11:12 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\ntlanui2I.dll
    [2010/09/21 11:14:13 | 000,001,604 | ---- | C] () -- C:\Program Files\QuickTime Player.lnk
    [2010/08/23 07:13:21 | 000,001,729 | ---- | C] () -- C:\Program Files\Adobe Reader 9.lnk
    [2010/05/06 10:31:39 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/07/20 10:37:41 | 000,065,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2008/08/26 13:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/08/26 09:44:16 | 000,000,185 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2008/07/31 13:38:09 | 000,000,473 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/07/31 13:29:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2008/07/31 10:57:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/07/31 10:57:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/07/31 10:57:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/07/31 10:57:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/07/31 10:57:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/07/31 10:57:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/07/31 10:39:51 | 000,000,966 | ---- | C] () -- C:\WINDOWS\TMW70.INI
    [2008/07/30 16:22:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/07/30 15:29:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
    [2008/07/30 13:26:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/07/30 13:22:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/07/30 05:10:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/07/30 05:09:06 | 000,311,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/07/03 11:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/10/12 15:35:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Instx64.exe
    [2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2004/08/04 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 04:00:00 | 000,446,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 04:00:00 | 000,073,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2008/07/30 15:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2008/07/30 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
    [2011/03/07 11:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
    [2011/02/17 14:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2008/07/30 15:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2011/03/07 13:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/03/18 07:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/06 11:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/15 11:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/07 11:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/07/30 15:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
    [2008/07/30 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Search
    [2011/03/07 11:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gbowne\Application Data\f-secure
    [2011/02/17 14:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gbowne\Application Data\Juniper Networks
    [2008/07/30 15:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gbowne\Application Data\Windows Desktop Search
    [2008/07/30 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gbowne\Application Data\Windows Search
    [2009/07/30 15:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\old_gbowne\Application Data\InterVideo
    [2008/07/30 15:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\old_gbowne\Application Data\Windows Desktop Search
    [2008/07/30 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\old_gbowne\Application Data\Windows Search
    [2008/07/31 10:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\srivers\Application Data\InterVideo

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/07/30 13:25:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/08/06 09:18:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/03/09 11:06:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/03/09 11:11:18 | 000,013,684 | ---- | M] () -- C:\ComboFix.txt
    [2008/07/30 13:25:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/07/30 13:25:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/07/30 13:25:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/26 09:09:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/03/08 14:53:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2006/04/24 07:59:38 | 000,000,028 | ---- | M] () -- C:\tm.bat

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/07/30 13:25:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/04/04 21:01:40 | 000,272,896 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp5r1.DLL
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2010/08/23 07:13:21 | 000,001,729 | ---- | M] () -- C:\Program Files\Adobe Reader 9.lnk
    [2010/09/21 11:14:13 | 000,001,604 | ---- | M] () -- C:\Program Files\QuickTime Player.lnk

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/07/30 05:08:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/07/30 05:08:23 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/07/30 05:08:23 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/26 09:14:45 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/09/09 15:59:55 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\gbowne\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2008/07/30 15:24:08 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\gbowne\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/08 18:41:38 | 004,283,114 | R--- | M] () -- C:\Documents and Settings\gbowne\Desktop\ComboFix.exe
    [2011/03/09 13:32:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gbowne\Desktop\OTL.exe
    [2011/03/07 14:34:06 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\tnrfrkgc.exe
    [2011/03/09 11:03:28 | 004,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\gbowne\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2011/03/08 18:41:38 | 004,283,114 | R--- | M] () -- C:\Documents and Settings\gbowne\My Documents\ComboFix.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/08/26 09:25:05 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\gbowne\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/05/06 10:39:13 | 000,008,334 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/03/09 11:44:42 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\gbowne\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 16:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 10:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 10:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 10:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
     
  16. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    Here is the Extras.Txt report

    Extras.Txt:

    OTL Extras logfile created on: 3/9/2011 2:01:47 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\gbowne\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 64.42 Gb Total Space | 45.48 Gb Free Space | 70.61% Space Free | Partition Type: NTFS
    Drive D: | 10.01 Gb Total Space | 6.22 Gb Free Space | 62.08% Space Free | Partition Type: NTFS
    Drive F: | 488.00 Mb Total Space | 449.95 Mb Free Space | 92.20% Space Free | Partition Type: FAT
    Drive G: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
    Drive L: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
    Drive N: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
    Drive T: | 105.66 Gb Total Space | 68.01 Gb Free Space | 64.37% Space Free | Partition Type: NTFS

    Computer Name: CCXPJ008 | User Name: gbowne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Symantec AntiVirus\Smc.exe" = C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
    "C:\Program Files\Symantec AntiVirus\SNAC.EXE" = C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{10BB6280-4D34-11D4-B77B-000083617EED}" = LS Plus Form Installer
    "{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes
    "{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7EFA9E45-BC04-4613-B88F-079B01C9F862}" = HP USB Smart Card Keyboard
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{888D0F50-FF0A-4808-966E-23D63277BF2A}" = Intel(R) Network Connections 12.4.38.0
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BC5B8C48-3B91-11D4-816D-0000832E20BE}" = LS Plus Product Browser
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{E3B48D63-75B2-4D36-8EE8-175F7497873F}" = Legal Solutions Plus
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HECI" = Intel® Management Engine Interface
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PDF-XChange 3_is1" = PDF-XChange 3
    "RDC" = RDC
    "Time Matters 7.0 Enterprise - Legal Series" = Time Matters 7.0 Enterprise - Legal Series
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Juniper_Term_Services" = Juniper Terminal Services Client

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/7/2011 5:53:02 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
    Shared\ccApp.exe Event Info: Resume Thread Action Taken: Logged Actor Process:
    C:\Program Files\PC Tools Security\UmInject32.exe (PID 2580) Time: Monday, March
    07, 2011 1:53:02 PM

    Error - 3/7/2011 5:53:02 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\SmcGui.exe Event Info: Allocation Memory Action Taken: Logged Actor Process:
    C:\Program Files\PC Tools Security\UmInject32.exe (PID 2580) Time: Monday, March
    07, 2011 1:53:02 PM

    Error - 3/7/2011 5:53:02 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\SmcGui.exe Event Info: Write Memory Action Taken: Logged Actor Process:
    C:\Program Files\PC Tools Security\UmInject32.exe (PID 2580) Time: Monday, March
    07, 2011 1:53:02 PM

    Error - 3/7/2011 5:53:02 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\SmcGui.exe Event Info: Create Thread Action Taken: Logged Actor Process:
    C:\Program Files\PC Tools Security\UmInject32.exe (PID 2580) Time: Monday, March
    07, 2011 1:53:02 PM

    Error - 3/7/2011 5:53:02 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\SmcGui.exe Event Info: Resume Thread Action Taken: Logged Actor Process:
    C:\Program Files\PC Tools Security\UmInject32.exe (PID 2580) Time: Monday, March
    07, 2011 1:53:02 PM

    Error - 3/7/2011 8:54:07 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711731
    Description = Security Risk Found!Tracking Cookies in File: Cookie:gbowne@bs.serving-sys.com/
    by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description:
    The file was deleted successfully.

    Error - 3/8/2011 2:59:03 AM | Computer Name = CCXPJ008 | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 3/8/2011 3:59:13 AM | Computer Name = CCXPJ008 | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 3/9/2011 12:14:52 AM | Computer Name = CCXPJ008 | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    Error - 3/9/2011 1:15:00 AM | Computer Name = CCXPJ008 | Source = SescLU | ID = 13
    Description = LiveUpdate returned a non-critical error. Available content updates
    may have failed to install.

    [ System Events ]
    Error - 3/4/2011 7:18:45 AM | Computer Name = CCXPJ008 | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 3/4/2011 9:26:46 AM | Computer Name = CCXPJ008 | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 3/5/2011 11:15:39 AM | Computer Name = CCXPJ008 | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 3/5/2011 11:15:58 AM | Computer Name = CCXPJ008 | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 3/5/2011 11:40:31 AM | Computer Name = CCXPJ008 | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 3/5/2011 11:40:54 AM | Computer Name = CCXPJ008 | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 3/7/2011 11:40:55 AM | Computer Name = CCXPJ008 | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 3/7/2011 3:38:30 PM | Computer Name = CCXPJ008 | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_FSBL\0000 disappeared from the system without
    first being prepared for removal.

    Error - 3/8/2011 6:56:47 PM | Computer Name = CCXPJ008 | Source = DCOM | ID = 10016
    Description = The application-specific permission settings do not grant Local Launch
    permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
    modified using the Component Services administrative tool.

    Error - 3/9/2011 12:57:13 PM | Computer Name = CCXPJ008 | Source = Service Control Manager | ID = 7034
    Description = The Smart Card service terminated unexpectedly. It has done this
    1 time(s).


    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
      O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
      O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: efile1.occourts.org ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: lexis.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: lexisnexis.com ([]http in Trusted sites)
      O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: microsoft.com ([]http in Trusted sites)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring" =-
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  18. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    I ran OTL again with the Custom Scans/Fixes code you gave me. The results are below (it will take two posts). I will run the rest of those scans next and will post the appropriate results.

    OTL:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\efile1.occourts.org\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lexis.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lexisnexis.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\003379_.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 142588610 bytes

    User: gbowne
    ->Temp folder emptied: 4078 bytes
    ->Temporary Internet Files folder emptied: 118944953 bytes
    ->Java cache emptied: 49949739 bytes
    ->FireFox cache emptied: 67541682 bytes
    ->Apple Safari cache emptied: 8568832 bytes
    ->Flash cache emptied: 230715 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49219 bytes

    User: old_gbowne
    ->Temp folder emptied: 2744 bytes
    ->Temporary Internet Files folder emptied: 472589929 bytes
    ->Java cache emptied: 44202487 bytes
    ->FireFox cache emptied: 63443747 bytes
    ->Google Chrome cache emptied: 6780940 bytes
    ->Apple Safari cache emptied: 9663488 bytes
    ->Flash cache emptied: 61458 bytes

    User: srivers
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 81999 bytes
    ->Java cache emptied: 2023 bytes
    ->Flash cache emptied: 723 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 439 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 939.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: gbowne
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: old_gbowne
    ->Flash cache emptied: 0 bytes

    User: srivers
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03092011_153533

    Files\Folders moved on Reboot...
    C:\Documents and Settings\gbowne\Local Settings\Temp\ExchangePerflog_8484fa3125f0f1d7cfcccd43.dat moved successfully.
    File\Folder C:\Documents and Settings\gbowne\Local Settings\Temp\~DF3E09.tmp not found!
    File\Folder C:\Documents and Settings\gbowne\Local Settings\Temp\~DF5A18.tmp not found!
    File\Folder C:\Documents and Settings\gbowne\Local Settings\Temporary Internet Files\Content.Word\~WRS4020.tmp not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\,728x90,1008x150,9x1;p=t;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=4515615212875466[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\,728x90,1008x150,9x1;p=t;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9825164361257128[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\00x250,300x600,11x1;p=tr;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8140027965603740[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\00x250,300x600,11x1;p=tr;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8682918671595733[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\0x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9869061703775222[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\1;sz=1x1,4x1;p=f1;ifb=pf;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9825164361257128[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\3MDQ0NTMxODI@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Movie,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwMjg4NTkxMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwMTI5NDEwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwMzA4ODIwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwNjA5MzEzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwNjEwODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwNjMxODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwNjYxMzYwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwODU3MTI4Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwODUwNTE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwODY5NzA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwOTc1NzQwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwOTQ1NDMwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\aindetails;tile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;id=tt0875034;g=m;g=ro;tt=f;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=1917046556473147[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\DEzNjAwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\ile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9869061703775222[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\nBnXkFtZTcwMjMzMjg3Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-180,BottomLeft,129,-130_CR129,130,130,95_ZATrailer,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\sz=1x1,4x1;p=f1;ifb=pf;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2350136056938243[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\TE0NDk5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\tile=4;sz=728x90,2x1;p=b;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=4515615212875466[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=9082590769855984 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\TY0Mjg5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\wMDcwMTE4Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,129,-130_CR129,130,130,95_ZAFull%20Movie,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\XkFtZTcwMjQxODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAWeb%20Only,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\XkFtZTcwMzg4NjE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAWeb%20Only,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\XkFtZTcwOTc4ODc0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAFeaturette,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=6969543575778394 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=6969543575778394 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\business;s2=realestate;s3=blogs;s4=southcoasthomes;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=3635401759948840[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\business;s2=realestate;s3=blogs;s4=southcoasthomes;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=3635401759948840[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\de%253Dsant%253Bkw%253D%253Bref%253Docregister[1].com%253Btest%253D%253Bfci%253Dad%253Bdcopt%253D%253Btile%253D1%253Bsz%253D728x90%253Bord%253D7845544167035297%253F not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=9606188904109490 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=4864278362129559 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=9551541005352244 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=4864278362129559 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\RAMSTTIO\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\RAMSTTIO\5BanBnXkFtZTcwOTY1NDAwMg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-180,BottomLeft,129,-130_CR129,130,130,95_ZAClip,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\RAMSTTIO\details;tile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=co;tt=f;id=tt1185431;coo=usa;m=PG13;s=67;s=34;s=279;s=97;s=46;s=10;s=288;s=14;s=19;;ord=1197522775218814[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\RAMSTTIO\egelife;s1=news;s2=education;s3=blogs;s4=collegelife;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=6954473932535780 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\RAMSTTIO\Tk3OTE4Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\,728x90,1008x150,9x1;p=t;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8682918671595733[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\0x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=7795452817544682[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\1;sz=1x1,4x1;p=f1;ifb=pf;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8103924950058661[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\1;sz=1x1,4x1;p=f1;ifb=pf;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8140027965603740[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\1;sz=1x1,4x1;p=f1;ifb=pf;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8682918671595733[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\28x90,1008x150,9x1;p=t;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2350136056938243[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMDkxMTg2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMjkwODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMTk5NzA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMTM4MDY5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMzc5MjM0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMzc5NzA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwNDA1NjQwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZANews,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwNjA1OTQ1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwNjA4NzE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwNTE5NDI0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwNzAxODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwODQ5ODY2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwODU5NzA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwOTAxODE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwOTQ5ODY2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwOTY1Mjg5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\DAwMTg1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\details;tile=1;sz=1x1,4x1;p=f1;ifb=pf;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3356843789137240[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\details;tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=dr;id=tt0935075;tt=f;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=7608559704551179[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\DM5NjIwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\eQWpwZ15BbWU3MDk3Njg3NDI@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAPromo,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\ile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8584039095603944[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\indetails;tile=1;sz=1x1,4x1;p=f1;ifb=pf;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8584039095603944[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\le=4;sz=728x90,2x1;p=b;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2350136056938243[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\maindetails;tile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;id=tt0875034;g=m;g=ro;tt=f;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=1397092143290698[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\nBnXkFtZTcwMzg2NjA2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\nBnXkFtZTcwNjQ0MDE2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\ndetails;tile=1;sz=1x1,4x1;p=f1;ifb=pf;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=889521207116140[1].7 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\nXkFtZTcwNDY5ODc0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAInterview,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\tails;tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=brc;id=tt1279935;g=co;tt=f;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8738313154692550[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\TcxMjA1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\TgxNzEwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=brc;id=tt0875034;g=m;g=ro;tt=f;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=1917046556473147[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\tile=5;sz=728x90,2x1;p=b;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9825164361257128[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\TIzOTUyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=9082590769855984 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\wMjUzMjQ2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Movie,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\x600,120x600,11x1;p=tr;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2350136056938243[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\K7T3DACW\3MDE3ODkyOTE@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Movie,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\K7T3DACW\ch;s1=outdoors;s2=watersports;s3=blogs;s4=beach;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=6097778527152018 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\K7T3DACW\ciencedude;s1=news;s2=tech;s3=blogs;s4=sciencedude;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=1;sz=728x90;ord=680751251860919[1].htm not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\K7T3DACW\egelife;s1=news;s2=education;s3=blogs;s4=collegelife;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=6954473932535780 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\K7T3DACW\zk2NzE4Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,129,-130_CR129,130,130,95_ZAFull%20Episode,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\5BanBnXkFtZTcwMzEzMjcyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\e=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=co;tt=f;id=tt1185431;coo=usa;m=PG13;s=67;s=34;s=279;s=97;s=46;s=10;s=288;s=14;s=19;;ord=7574284860615750[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\egelife;s1=news;s2=education;s3=blogs;s4=collegelife;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=6954473932535780 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\jk3OTE4Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\nBnXkFtZTcwODY1MzQ3Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\nBnXkFtZTcwOTc2NjE4Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-180,BottomLeft,129,-130_CR129,130,130,95_ZATrailer,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\nXkFtZTcwNTk1MzY2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAInterview,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\sciencedude;s1=news;s2=tech;s3=blogs;s4=sciencedude;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=680751251860919[1].4 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\TMwMDI4Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,129,-130_CR129,130,130,95_ZAFull%20Episode,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\XkFtZTcwMjg5OTY2MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAFeaturette,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\-2009-little-Road-Runner-Melanie-Oudin-aims-high-after-Maria-Sharapova-shock[1].html&spaceid=box1&sz=120x60&sz=120x90&sz=120x120&ls=f&transactionID=0909092225100388 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\-Road-Runner-Melanie-Oudin-aims-high-after-Maria-Sharapova-shock[1].html&spaceid=mpu&sz=200x200&sz=240x400&sz=250x250&sz=300x250&ls=f&transactionID=0909092225100388 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=6969543575778394 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=6969543575778394 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\business;s2=realestate;s3=blogs;s4=southcoasthomes;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=3635401759948840[1].5 not found!
     
  19. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    OTL results (PART II):

    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\de%253Dsant%253Bkw%253D%253Bref%253Docregister[1].com%253Btest%253D%253Bfci%253Dad%253Bdcopt%253D%253Btile%253D1%253Bsz%253D728x90%253Bord%253D8599735099350780%253F not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=9606188904109490 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=2;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=9551541005352244 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=316209615919757[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\de%253Dsant%253Bkw%253D%253Bref%253Docregister[1].com%253Btest%253D%253Bfci%253Dad%253Bdcopt%253D%253Btile%253D1%253Bsz%253D728x90%253Bord%253D5848660953025905%253F not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=4064016330542023 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=4064016330542023 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=9606188904109490 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=4064016330542023 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=9606188904109490 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\Melanie-Oudin-aims-high-after-Maria-Sharapova-shock[1].html&spaceid=dhtml&sz=120x240&sz=120x400&sz=120x600&sz=120x800&sz=300x600&ls=f&transactionID=0909092225100388 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=4864278362129559 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=316209615919757[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=316209615919757[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[2].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[3].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[4].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[5].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\5BanBnXkFtZTcwODMwOTg3Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-180,BottomLeft,129,-130_CR129,130,130,95_ZAClip,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\ach;s1=outdoors;s2=watersports;s3=blogs;s4=beach;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=ist;tile=1;sz=1x1;ord=6097778527152018 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\ch;s1=outdoors;s2=watersports;s3=blogs;s4=beach;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=6097778527152018 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\ch;s1=outdoors;s2=watersports;s3=blogs;s4=beach;pos=2;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=4;sz=300x250;ord=6097778527152018 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\details;tile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=co;tt=f;id=tt1185431;coo=usa;m=PG13;s=67;s=34;s=279;s=97;s=46;s=10;s=288;s=14;s=19;;ord=7574284860615750[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\e=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=co;tt=f;id=tt1185431;coo=usa;m=PG13;s=67;s=34;s=279;s=97;s=46;s=10;s=288;s=14;s=19;;ord=1197522775218814[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\egelife;s1=news;s2=education;s3=blogs;s4=collegelife;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=6954473932535780 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\sciencedude;s1=news;s2=tech;s3=blogs;s4=sciencedude;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=680751251860919[1].4 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\sciencedude;s1=news;s2=tech;s3=blogs;s4=sciencedude;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=680751251860919[1].4 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\sciencedude;s1=news;s2=tech;s3=blogs;s4=sciencedude;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=680751251860919[1].4 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\,728x90,1008x150,9x1;p=t;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8103924950058661[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\0x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3617094328323448[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\1;p=f1;ifb=pf;id=tt1417732;g=co;tt=tv;id=tt0386676;b=t250a;g=brc;id=nm0752407;g=dr;k=c;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2663395601415411[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\1;sz=1x1,4x1;p=f1;ifb=pf;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=4515615212875466[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMjc5NDYyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMjIxODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMTE2OTg2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMTUwODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMzczMzgyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMzIzMDAwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMzQ5NzAzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwNjc5NzA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwNjU2NDIzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwNzcxNTE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwNzEzMjYxMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwNzY2NDQzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\60x600,120x600,11x1;p=tr;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9825164361257128[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\8x150,9x1;p=t;id=tt1417732;g=co;tt=tv;id=tt0386676;b=t250a;g=brc;id=nm0752407;g=dr;k=c;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2663395601415411[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\9bwnKRsZNzjyh2jweFEEIo1kU7uwssfKfIpoPitpgDUdKi7tvACSS9BS9[1].lHhMMiFosCIdiaoixdteBQZNvbakopLdMm1QsAzLHk1cnMm5pSPn4yHrq8fKW8tBBRxksrVBXe_QlNVQ9U3Vf3a9jd927ZX_RdHoTtN not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=8379216734398254 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=8379216734398254 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\DgwODMwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\DM3ODY0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\DMyNDcyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\e=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3356843789137240[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\etails;tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=fm;tt=f;coo=usa;id=tt1323594;g=an;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=5114683573665458[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\ile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3617094328323448[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\indetails;tile=1;sz=1x1,4x1;p=f1;ifb=pf;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=7795452817544682[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\JeQWpwZ15BbWU3MDE3OTcwOTE@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\jI5MTA1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\le=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=889521207116140[1].7 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\maindetails;tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=dr;tt=f;id=tt0810819;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3606165620247102[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\maindetails;tile=5;sz=728x90,2x1;p=b;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=889521207116140[1].7 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\nBnXkFtZTcwMjQ2OTI3Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TczNTg0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TE1NTkxMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TE2NTIzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TEzODk5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\tile=5;sz=728x90,2x1;p=b;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8103924950058661[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TIxMTkyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TkwNDUxMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TYxMDQzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\wMzc2Nzk2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Movie,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\-2009-little-Road-Runner-Melanie-Oudin-aims-high-after-Maria-Sharapova-shock[1].html&spaceid=box2&sz=120x60&sz=120x90&sz=120x120&ls=f&transactionID=0909092225100388 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\3Dsant%253Bkw%253D%253Bref%253Dfreedomblogging[1].com%253Btest%253D%253Bfci%253Dad%253Bdcopt%253D%253Btile%253D1%253Bsz%253D728x90%253Bord%253D4864278362129559%253F not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\business;s2=realestate;s3=blogs;s4=southcoasthomes;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=3635401759948840[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=4064016330542023 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\otalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=1;sz=728x90;ord=316209615919757[1].htm not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=9551541005352244 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=9551541005352244 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=2;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=4864278362129559 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=316209615919757[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\US-Open-2009-little-Road-Runner-Melanie-Oudin-aims-high-after-Maria-Sharapova-shock[1].html&spaceid=banner&sz=728x90&sz=468x60&ls=f&transactionID=0909092225100388 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\usiness;s2=realestate;s3=blogs;s4=southcoasthomes;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=1;sz=728x90;ord=3635401759948840[1].htm not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\,728x90,1008x150,9x1;p=t;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8140027965603740[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\0x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8584039095603944[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3356843789137240[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\28x90,2x1;p=b;id=tt1417732;g=co;tt=tv;id=tt0386676;b=t250a;g=brc;id=nm0752407;g=dr;k=c;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2663395601415411[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMjc4ODc2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMjI0Mzk5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMTAxODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMTgwODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMTU4ODgzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMzcyMjA1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwNDg2NjE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwNjE5NDI0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwNjgxMTg2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwNTE3NTkxMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwODMyNTE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwOTg3NzE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwOTQxODUwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\600,11x1;p=tr;id=tt1417732;g=co;tt=tv;id=tt0386676;b=t250a;g=brc;id=nm0752407;g=dr;k=c;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2663395601415411[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\60x600,120x600,11x1;p=tr;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=4515615212875466[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\60x600,120x600,11x1;p=tr;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8103924950058661[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=8379216734398254 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=8379216734398254 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\DA5MjU0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\Dc1Njg0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\Dc5MTM0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\DQzOTkyNTI@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\DU2ODY0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\eQWpwZ15BbWU3MDg4MzcxODI@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-180,BottomLeft,129,-130_CR129,130,130,95_ZAPromo,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\ile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=7795452817544682[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\jI5NjQ1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\jI5OTkzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\jU4MjY1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\maindetails;tile=5;sz=728x90,2x1;p=b;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3356843789137240[1].5 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\mUjolTNyuTiyn6oUYxdCL7iyHd3qUUm7S6wcS68Cpzn9QLPJ4GrqNvFYs4rc8f6DTHaGKnsiD8mSzg_r7jOYOsSrPGCzN9faGIvC0s9_D6QWiKjNWXUY7CFbXe1zz61V2uGxX_nULZVYMiauAnZ2y[1].x_7A2foChM- not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\nBnXkFtZTcwNTE4ODc0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\nXkFtZTcwMDA0Nzc2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAInterview,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\nXkFtZTcwODY3NjY2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAInterview,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\s;tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=brc;id=tt0875034;g=m;g=ro;tt=f;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=1397092143290698[1] not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\TE1MjgzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=9082590769855984 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=9082590769855984 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\wODM5NDU3Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Movie,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=889521207116140[1].7 not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\XkFtZTcwODExOTI1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAWeb%20Only,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\zE3ODY0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\zg2MTYzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
    File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\zM0MTUwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!

    Registry entries deleted on Reboot...
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Go on.............
     
  21. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    Security Check results:

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    Symantec Endpoint Protection
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Symantec AntiVirus Smc.exe
    Symantec AntiVirus Rtvscan.exe
    Symantec AntiVirus SmcGui.exe
    ``````````End of Log````````````
     
  22. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    I ran the TFC program. It ran for awhile, then restarted. It did not appear to produce a report.

    I then ran the ESET Online Scanner. It ran for awhile, but then said "No Threats Found." Per your post, it did not produce a report.

    Again, thank you for your help and let me know what the next step is.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Uninstall Java(TM) 6 Update 7 .

    Update Firefox to the latest 3.6.15 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    =====================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  24. bowneline

    bowneline TS Rookie Topic Starter Posts: 16

    Here is the OTL "system restore" log. I'm doing the rest of the stuff now.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: gbowne
    ->Temp folder emptied: 3006 bytes
    ->Temporary Internet Files folder emptied: 91750291 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 3625 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: old_gbowne
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: srivers
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 88.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: gbowne
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: old_gbowne
    ->Flash cache emptied: 0 bytes

    User: srivers
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 03102011_133255

    Files\Folders moved on Reboot...
    C:\Documents and Settings\gbowne\Local Settings\Temp\ExchangePerflog_8484fa3125f0f1d7cfcccd43.dat moved successfully.
    File\Folder C:\Documents and Settings\gbowne\Local Settings\Temp\~DF5D83.tmp not found!
    File\Folder C:\Documents and Settings\gbowne\Local Settings\Temp\~DF5DA1.tmp not found!
    File\Folder C:\Documents and Settings\gbowne\Local Settings\Temp\~WRD0067.doc not found!
    File\Folder C:\Documents and Settings\gbowne\Local Settings\Temporary Internet Files\Content.Word\~WRS0002.tmp not found!

    Registry entries deleted on Reboot...
     
  25. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    OK.........................
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...