Solved Google hijack virus - completed the 6 steps and need help

Status
Not open for further replies.

bowneline

Posts: 16   +0
I first completed steps 1-3 without any hits from the virus/malware software. My search engines are still being hijacked.

Step 3, Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/7/2011 2:26:12 PM
mbam-log-2011-03-07 (14-26-12).txt

Scan type: Quick scan
Objects scanned: 206622
Time elapsed: 17 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Step 4, GMER:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-07 16:17:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16 ST380815AS rev.3.CHF
Running: tnrfrkgc.exe; Driver: C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT 8B05C430 ZwAlertResumeThread
SSDT 8AE82630 ZwAlertThread
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwAllocateVirtualMemory [0xA5D0B088]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateKey [0xA5B8F6FA]
SSDT 8AE6E998 ZwCreateMutant
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcess [0xA5B6DF68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcessEx [0xA5B6E230]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwCreateThread [0xA5D0C1E0]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwDeleteKey [0xA5B900B4]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwDeleteValueKey [0xA5B9043E]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwFreeVirtualMemory [0xA5D0B306]
SSDT 8AF254B0 ZwImpersonateAnonymousToken
SSDT 8AEC7270 ZwImpersonateThread
SSDT 8AF402A8 ZwMapViewOfSection
SSDT 8AED3630 ZwOpenEvent
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwOpenKey [0xA5B8E938]
SSDT 8B0260A8 ZwOpenProcessToken
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwOpenSection [0xA5D0AED2]
SSDT 8AE5BD28 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBA29D8B0]
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwQueueApcThread [0xA5D0C2E2]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwRenameKey [0xA5B90982]
SSDT 8AF58380 ZwResumeThread
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSetContextThread [0xA5D0C32E]
SSDT 8AE5BDB8 ZwSetInformationProcess
SSDT 8AF91180 ZwSetInformationThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwSetValueKey [0xA5B8FAB8]
SSDT 8AF80610 ZwSuspendProcess
SSDT 8AF4F510 ZwSuspendThread
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwSystemDebugControl [0xA5D0AE00]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwTerminateProcess [0xA5B6D9D8]
SSDT 8AE887F8 ZwTerminateThread
SSDT 8AF58A30 ZwUnmapViewOfSection
SSDT \SystemRoot\system32\drivers\dwprot.sys ZwWriteVirtualMemory [0xA5D0B416]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C90 8050452C 4 Bytes JMP 1132D017
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [10, 06, F8, 8A, 10, F5, F4, ...]
? system32\drivers\dwprot.sys The system cannot find the path specified. !
? C:\DOCUME~1\gbowne\LOCALS~1\Temp\911qXxk1.sys The system cannot find the file specified. !
? system32\drivers\pctDS.sys The system cannot find the path specified. !
? system32\drivers\pctEFA.sys The system cannot find the path specified. !
? system32\drivers\PCTCore.sys The system cannot find the path specified. !
? C:\Program Files\PC Tools Security\PCTSDInj32.sys The system cannot find the file specified. !
? C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpow.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FC0001
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[952] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01480001
.text C:\Program Files\Symantec AntiVirus\SmcGui.exe[1708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02F60001
.text C:\WINDOWS\system32\igfxsrvc.exe[2428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FC0001
.text C:\WINDOWS\system32\igfxpers.exe[2548] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EB0001
.text ...
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[3680] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 30F8F621 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE[3700] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 30F8F621 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text C:\WINDOWS\system32\hkcmd.exe[3872] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E00001
.text C:\Program Files\iTunes\iTunesHelper.exe[3896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01850001

---- Devices - GMER 1.0.15 ----

Device 89AA46F0
Device 88E44C78
Device 897E7E98
Device 88FCA780
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 88AFCDE0
Device 898913A8
Device 890267C0
Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp dwprot.sys

Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp dwprot.sys

Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program Files\Symantec AntiVirus\Smc.exe [1552] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1588] 0x10000000

---- EOF - GMER 1.0.15 ----


Step 5, DDS:

DDS:

DDS (Ver_11-03-05.01) - NTFSx86
Run by gbowne at 16:28:14.06 on Mon 03/07/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2426 [GMT -8:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\gbowne\Desktop\dds.pif
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ocintranet.ocgov.com/
uInternet Connection Wizard,ShellNext = hxxp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3459245&prodTypeId=12454&prodSeriesId=3459241&swLang=13&taskId=135&swEnvOID=1093
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Time Matters: {00f17ece-12da-46a0-b541-bde4eb7df027} - c:\tmw7e\TMIETB.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Time Matters: {00f17ece-12da-46a0-b541-bde4eb7df027} - c:\tmw7e\TMIETB.DLL
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10m_ActiveX.exe -update activex
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LayoutM] KLayMgr.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: efile1.occourts.org
Trusted Zone: lexis.com
Trusted Zone: lexisnexis.com
Trusted Zone: microsoft.com
Trusted Zone: ocgov.com\webproxy-1
Trusted Zone: ocgov.com\webproxy-2
Trusted Zone: ocgov.com\webproxy-3
Trusted Zone: ocgov.com\webproxy-4
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217454450312
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217454501750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://coco.sweb.ocgov.com/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\gbowne\applic~1\mozilla\firefox\profiles\meiijc8o.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-3 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-5-3 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2010-5-3 1831024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-10 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110303.021\NAVENG.SYS [2011-3-3 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110303.021\NAVEX15.SYS [2011-3-3 1360760]
R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctds.sys --> c:\windows\system32\drivers\pctDS.sys [?]
R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctefa.sys --> c:\windows\system32\drivers\pctEFA.sys [?]
RUnknown DwProt;DwProt; [x]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-5-3 23888]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [2008-7-30 46976]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [2004-10-24 7796]
.
=============== Created Last 30 ================
.
2011-03-07 22:08:30 -------- d-----w- c:\docume~1\gbowne\applic~1\Malwarebytes
2011-03-07 21:40:38 -------- d-----w- c:\program files\PC Tools Security
2011-03-07 21:40:38 -------- d-----w- c:\program files\common files\PC Tools
2011-03-07 20:26:33 -------- d-----w- c:\documents and settings\gbowne\DoctorWeb
2011-03-07 20:11:58 388096 ----a-r- c:\docume~1\gbowne\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-07 20:11:57 -------- d-----w- c:\program files\Trend Micro
2011-03-07 19:21:55 -------- d-----w- c:\docume~1\gbowne\applic~1\f-secure
2011-03-07 19:21:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
2011-03-04 04:12:51 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-03-04 00:57:00 -------- dc-h--w- c:\windows\ie8
2011-03-02 22:11:12 98304 --sha-r- c:\windows\system32\ntlanui2I.dll
2011-02-17 22:36:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\Juniper Networks
2011-02-17 22:36:16 -------- d-----w- c:\docume~1\gbowne\applic~1\Juniper Networks
2011-02-08 23:42:46 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
.
==================== Find3M ====================
.
2011-02-03 05:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 03:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 16:28:34.49 ===============


Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/6/2008 10:18:32 AM
System Uptime: 3/5/2011 7:38:26 AM (57 hours ago)
.
Motherboard: Hewlett-Packard | | 0AA8h
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | XU1 PROCESSOR | 2327/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 64 GiB total, 44.345 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.215 GiB free.
E: is CDROM (CDFS)
G: is NetworkDisk (NTFS) - 92 GiB total, 20.196 GiB free.
L: is NetworkDisk (NTFS) - 92 GiB total, 20.196 GiB free.
N: is NetworkDisk (NTFS) - 92 GiB total, 20.196 GiB free.
T: is NetworkDisk (NTFS) - 106 GiB total, 66.742 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Serial Port
Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_2818103C&REV_02\3&B1BFB68&0&1B
Manufacturer:
Name: PCI Serial Port
PNP Device ID: PCI\VEN_8086&DEV_29B7&SUBSYS_2818103C&REV_02\3&B1BFB68&0&1B
Service:
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&16E8443F&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&16E8443F&0
Service: i8042prt
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\IFX0102\1
Manufacturer:
Name:
PNP Device ID: ACPI\IFX0102\1
Service:
.
==== System Restore Points ===================
.
RP1: 3/3/2011 4:55:04 PM - System Checkpoint
RP2: 3/3/2011 4:59:04 PM - Installed Windows Internet Explorer 8.
RP3: 3/3/2011 5:00:04 PM - Software Distribution Service 3.0
RP4: 3/4/2011 3:00:15 AM - Software Distribution Service 3.0
RP5: 3/5/2011 3:21:34 AM - System Checkpoint
RP6: 3/6/2011 3:43:10 AM - System Checkpoint
RP7: 3/7/2011 4:43:09 AM - System Checkpoint
RP8: 3/7/2011 12:11:56 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
32 Bit HP BiDi Channel Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Compatibility Pack for the 2007 Office system
Configuration Manager Client
Critical Update for Windows Media Player 11 (KB959772)
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Help and Support
HP Product Detection
HP USB Smart Card Keyboard
Intel(R) Graphics Media Accelerator Driver
Intel(R) Network Connections 12.4.38.0
Intel® Management Engine Interface
InterVideo WinDVD
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 7
Juniper Networks Setup Client
Juniper Terminal Services Client
Legal Solutions Plus
LightScribe System Software 1.12.29.2
LiveUpdate 3.3 (Symantec Corporation)
LS Plus Form Installer
LS Plus Product Browser
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
OGA Notifier 2.0.0048.0
PDF-XChange 3
QuickTime
RDC
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype web features
Skype™ 4.1
Sonic Activation Module
SoundMAX
Symantec Endpoint Protection
Time Matters 7.0 Enterprise - Legal Series
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
WIMGAPI
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
3/7/2011 11:38:30 AM, error: PlugPlayManager [11] - The device Root\LEGACY_FSBL\0000 disappeared from the system without first being prepared for removal.
3/3/2011 4:55:39 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
2/28/2011 8:48:40 AM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
2/28/2011 8:44:55 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
MBRCheck report:


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0008285c

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltmgr.sys
0xB9ED9000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9EC2000 KSecDD.sys
0xB9E35000 Ntfs.sys
0xB9E08000 NDIS.sys
0xB9DEE000 Mup.sys
0xBA6E4000 \SystemRoot\system32\DRIVERS\smsmdm.sys
0xB98B2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB932F000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xBA188000 \SystemRoot\system32\DRIVERS\HECI.sys
0xB92F2000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB92CE000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB92A6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA198000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB9292000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA574000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB926F000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA3F8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA57C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA6EF000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA580000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9258000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA208000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA218000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA400000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB91FA000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA228000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA408000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA410000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB90AA000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA268000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB9088000 \SystemRoot\system32\DRIVERS\teefer2.sys
0xBA5CE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB902A000 \SystemRoot\system32\DRIVERS\update.sys
0xB9DCA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA288000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA8E93000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xA8E6F000 \SystemRoot\system32\drivers\portcls.sys
0xBA318000 \SystemRoot\system32\drivers\drmk.sys
0xA8E55000 \SystemRoot\system32\drivers\AEAudio.sys
0xA8DE2000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xA8C97000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110303.021\NAVEX15.SYS
0xA8C72000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xA8C5E000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110303.021\NAVENG.SYS
0xB98CE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA158000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA440000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB98CA000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB918A000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xBA5E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA72C000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5EA000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA458000 \SystemRoot\System32\drivers\vga.sys
0xBA5EC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA460000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA468000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA550000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8C2B000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8BD2000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA298000 \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
0xA8BAC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA8B5C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8B3A000 \SystemRoot\System32\drivers\afd.sys
0xBA118000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8AD0000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xA8AA5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8A35000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA238000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8937000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xA891A000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB915A000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8902000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA604000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA590000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA480000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA747000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D9000 \SystemRoot\System32\igxpdx32.DLL
0xA87DA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA8425000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA664000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA80FD000 \SystemRoot\system32\DRIVERS\srv.sys
0xBF459000 \SystemRoot\System32\ATMFD.DLL
0xA7CD4000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7ED5000 \??\C:\WINDOWS\system32\CCM\prepdrv.sys
0xBA4A0000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xA7B49000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xA797C000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7DCD000 \SystemRoot\system32\drivers\sysaudio.sys
0xA5CF7000 \SystemRoot\system32\drivers\dwprot.sys
0xA5CC4000 \??\C:\DOCUME~1\gbowne\LOCALS~1\Temp\911qXxk1.sys
0xA5C42000 \SystemRoot\system32\drivers\pctDS.sys
0xA5B9D000 \SystemRoot\system32\drivers\pctEFA.sys
0xA5B60000 \SystemRoot\system32\drivers\PCTCore.sys
0xA6375000 \??\C:\Program Files\PC Tools Security\PCTSDInj32.sys
0xA5B50000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA5780000 \??\C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpow.sys
0xA573D000 \??\C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpoc.sys
0xA56EA000 \??\C:\WINDOWS\system32\drivers\WpsHelper.sys
0xBA3B0000 \??\C:\DOCUME~1\gbowne\LOCALS~1\Temp\mbr.sys
0xA545C000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 48):
0 System Idle Process
4 System
860 C:\WINDOWS\system32\smss.exe
908 csrss.exe
932 C:\WINDOWS\system32\winlogon.exe
976 C:\WINDOWS\system32\services.exe
988 C:\WINDOWS\system32\lsass.exe
1140 C:\WINDOWS\system32\svchost.exe
1256 svchost.exe
1392 C:\WINDOWS\system32\svchost.exe
1552 C:\Program Files\Symantec AntiVirus\Smc.exe
1588 svchost.exe
1780 svchost.exe
1880 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
236 C:\WINDOWS\system32\spoolsv.exe
292 scardsvr.exe
368 svchost.exe
536 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
596 C:\WINDOWS\system32\rundll32.exe
660 C:\Program Files\Bonjour\mDNSResponder.exe
704 C:\Program Files\Java\jre6\bin\jqs.exe
1344 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1468 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1504 C:\WINDOWS\system32\svchost.exe
1520 C:\WINDOWS\system32\svchost.exe
1568 C:\WINDOWS\system32\svchost.exe
1612 C:\Program Files\Symantec AntiVirus\Rtvscan.exe
396 C:\WINDOWS\system32\CCM\CcmExec.exe
2224 alg.exe
2416 wmiprvse.exe
3336 wmiprvse.exe
3324 C:\WINDOWS\explorer.exe
1708 C:\Program Files\Symantec AntiVirus\SmcGui.exe
432 C:\Program Files\Analog Devices\Core\smax4pnp.exe
3872 C:\WINDOWS\system32\hkcmd.exe
2428 C:\WINDOWS\system32\igfxsrvc.exe
2548 C:\WINDOWS\system32\igfxpers.exe
952 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
3896 C:\Program Files\iTunes\iTunesHelper.exe
3672 C:\WINDOWS\system32\ctfmon.exe
3028 C:\Program Files\iPod\bin\iPodService.exe
3700 C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
3680 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
4900 C:\Program Files\Internet Explorer\iexplore.exe
4324 C:\Program Files\Internet Explorer\iexplore.exe
2076 C:\Program Files\Internet Explorer\iexplore.exe
4564 C:\Program Files\Internet Explorer\iexplore.exe
4208 C:\Documents and Settings\gbowne\Local Settings\Temporary Internet Files\Content.IE5\X6HE2XKT\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000010`1aa33200 (NTFS)

PhysicalDrive0 Model Number: ST380815AS, Rev: 3.CHF

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

RKUunhooker report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB932F000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5779456 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1D9000 C:\WINDOWS\System32\igxpdx32.DLL 2621440 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1617920 bytes (Intel Corporation, Component GHAL Driver)
0xA8C97000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110303.021\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)
0xA5B9D000 C:\WINDOWS\system32\drivers\pctEFA.sys 675840 bytes
0xB9E35000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA8A35000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA8AD0000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 434176 bytes (Symantec Corporation, SPBBC Driver)
0xA8937000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB902A000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA8BD2000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA80FD000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA5C42000 C:\WINDOWS\system32\drivers\pctDS.sys 356352 bytes
0xA8E93000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 323584 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xA8DE2000 C:\WINDOWS\System32\Drivers\SRTSP.SYS 307200 bytes (Symantec Corporation, Symantec AutoProtect)
0xBF459000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA7CD4000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB92F2000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 249856 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xA5B60000 C:\WINDOWS\system32\drivers\PCTCore.sys 249856 bytes
0xA5CC4000 C:\DOCUME~1\gbowne\LOCALS~1\Temp\911qXxk1.sys 208896 bytes
0xB90AA000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8425000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9E08000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA545C000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA8AA5000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB92A6000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA8B5C000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xA56EA000 C:\WINDOWS\system32\drivers\WpsHelper.sys 163840 bytes (Symantec Corporation, Symantec Intrusion Detection - WpsHelper)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA8BAC000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8C72000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xA8E6F000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB92CE000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB926F000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA7B49000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xA8B3A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB9088000 C:\WINDOWS\system32\DRIVERS\teefer2.sys 139264 bytes (Symantec Corporation, Symantec CMC Firewall Teefer2)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xA5CF7000 C:\WINDOWS\system32\drivers\dwprot.sys 131072 bytes
0xB9EEB000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA891A000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xA8E55000 C:\WINDOWS\system32\drivers\AEAudio.sys 106496 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0xB9DEE000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9F0B000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA573D000 C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpoc.sys 98304 bytes
0xA5780000 C:\DOCUME~1\gbowne\LOCALS~1\Temp\axldqpow.sys 98304 bytes
0xA8902000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9EC2000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB9258000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA797C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA8C5E000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110303.021\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB9292000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB98B2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8C2B000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9ED9000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB91FA000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB915A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xBA318000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA7DCD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA298000 C:\WINDOWS\system32\drivers\wpsdrvnt.sys 57344 bytes (Symantec Corporation, Symantec CMC Firewall WPS)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA198000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA238000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\HECI.sys 45056 bytes (Intel Corporation, Intel(R) Management Engine Interface)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA208000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA288000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB918A000 C:\WINDOWS\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xBA268000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA158000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA118000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA59F8000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xA6375000 C:\Program Files\PC Tools Security\PCTSDInj32.sys 36864 bytes
0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA468000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xBA440000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA3B0000 C:\DOCUME~1\gbowne\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3F8000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA4A0000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA458000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA460000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA408000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA410000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA480000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB9DCA000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA87DA000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA7ED5000 C:\WINDOWS\system32\CCM\prepdrv.sys 16384 bytes (Microsoft Corporation, SMS Software Metering Process Event Driver)
0xBA574000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA590000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB98CE000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB98CA000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA580000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA550000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA57C000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xA5B50000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA5EA000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA604000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5E6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5EC000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA664000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5EE000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5CE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5D8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6EF000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA747000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA72C000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA6E4000 C:\WINDOWS\system32\DRIVERS\smsmdm.sys 4096 bytes (Microsoft Corporation, RDP Miniport)
0x898913A8 unknown_irp_handler 3160 bytes
0x89AA46F0 unknown_irp_handler 2320 bytes
0x88FCA780 unknown_irp_handler 2176 bytes
0x890267C0 unknown_irp_handler 2112 bytes
0x88E44C78 unknown_irp_handler 904 bytes
0x88AFCDE0 unknown_irp_handler 544 bytes
0x897E7E98 unknown_irp_handler 360 bytes
==============================================
>Stealth
==============================================


Nothing detected :(
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thank you very much for your help.

I ran ComboFix. When it asked me to install a Recovery Console, I said "okay," but then it said that i was not conntected to the internet. I check my computer, it said that I was connected to the internet. So, I ran the program, but apparanlty without the Recovery Console.

Here is the Combofix.txt:

ComboFix 11-03-08.03 - gbowne 03/09/2011 8:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2895 [GMT -8:00]
Running from: F:\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Quicktime\QTTask.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
.
.
2011-03-08 22:07 . 2011-03-08 22:07 -------- d-----w- c:\program files\iPod
2011-03-08 22:07 . 2011-03-08 22:08 -------- d-----w- c:\program files\iTunes
2011-03-08 22:03 . 2011-03-08 22:03 -------- d-----w- c:\program files\Bonjour
2011-03-07 22:08 . 2011-03-07 22:08 -------- d-----w- c:\documents and settings\gbowne\Application Data\Malwarebytes
2011-03-07 21:40 . 2011-03-07 21:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-07 20:26 . 2011-03-07 20:26 -------- d-----w- c:\documents and settings\gbowne\DoctorWeb
2011-03-07 20:11 . 2011-03-07 20:11 388096 ----a-r- c:\documents and settings\gbowne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-07 20:11 . 2011-03-07 20:11 -------- d-----w- c:\program files\Trend Micro
2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\gbowne\Application Data\f-secure
2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-03-04 04:12 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-03-04 00:57 . 2011-03-04 00:59 -------- dc-h--w- c:\windows\ie8
2011-03-02 22:11 . 2011-03-02 22:11 98304 --sha-r- c:\windows\system32\ntlanui2I.dll
2011-02-22 16:28 . 2011-02-22 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\gbowne\Application Data\Juniper Networks
2011-02-08 23:42 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 05:40 . 2010-04-20 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 03:19 . 2008-08-28 00:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 02:09 . 2009-09-03 14:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2009-09-03 14:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"LayoutM"="KLayMgr.exe" [2004-08-26 45056]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-03 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1268\Scripts\Logon\0\0]
"Script"=TS-webproxy.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logoff\0\0]
"Script"=map-delete.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\0\0]
"Script"=TS-webproxy.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\0]
"Script"=logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\1]
"Script"=checkcite.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\2]
"Script"=Lexis trusted site.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/10/2010 8:02 PM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/3/2010 9:57 AM 23888]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [7/30/2008 3:31 PM 46976]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/24/2004 11:04 PM 7796]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 19:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ocintranet.ocgov.com/
uInternet Connection Wizard,ShellNext = hxxp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3459245&prodTypeId=12454&prodSeriesId=3459241&swLang=13&taskId=135&swEnvOID=1093
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: efile1.occourts.org
Trusted Zone: lexis.com
Trusted Zone: lexisnexis.com
Trusted Zone: microsoft.com
Trusted Zone: ocgov.com\webproxy-1
Trusted Zone: ocgov.com\webproxy-2
Trusted Zone: ocgov.com\webproxy-3
Trusted Zone: ocgov.com\webproxy-4
FF - ProfilePath - c:\documents and settings\gbowne\Application Data\Mozilla\Firefox\Profiles\meiijc8o.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-09 09:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-03-09 09:08:44
ComboFix-quarantined-files.txt 2011-03-09 17:08
.
Pre-Run: 47,502,958,592 bytes free
Post-Run: 48,903,090,176 bytes free
.
- - End Of File - - 5E35E2E219F3CC37D0C2D857575F8980
 
Running from: F:\ComboFix.exe
My instructions clearly say to run Combofix from computer's desktop.
Copy combofix.exe to your desktop and re-run it.
Post new log.

===================================================================

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload following files to http://www.virustotal.com/ for security check:
- c:\windows\system32\ntlanui2I.dll
If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
 
Sorry about not running it from the desktop. I ran it from the desktop and the results are below. I also ran the file you cited on virustotal.com The results are also below. Thank you very much.

Combofix:

ComboFix 11-03-08.03 - gbowne 03/09/2011 9:56.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2777 [GMT -8:00]
Running from: c:\documents and settings\gbowne\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
.
.
2011-03-08 22:07 . 2011-03-08 22:07 -------- d-----w- c:\program files\iPod
2011-03-08 22:07 . 2011-03-08 22:08 -------- d-----w- c:\program files\iTunes
2011-03-08 22:03 . 2011-03-08 22:03 -------- d-----w- c:\program files\Bonjour
2011-03-07 22:08 . 2011-03-07 22:08 -------- d-----w- c:\documents and settings\gbowne\Application Data\Malwarebytes
2011-03-07 21:40 . 2011-03-07 21:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-07 20:26 . 2011-03-07 20:26 -------- d-----w- c:\documents and settings\gbowne\DoctorWeb
2011-03-07 20:11 . 2011-03-07 20:11 388096 ----a-r- c:\documents and settings\gbowne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-07 20:11 . 2011-03-07 20:11 -------- d-----w- c:\program files\Trend Micro
2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\gbowne\Application Data\f-secure
2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-03-04 04:12 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-03-04 00:57 . 2011-03-04 00:59 -------- dc-h--w- c:\windows\ie8
2011-03-02 22:11 . 2011-03-02 22:11 98304 --sha-r- c:\windows\system32\ntlanui2I.dll
2011-02-22 16:28 . 2011-02-22 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\gbowne\Application Data\Juniper Networks
2011-02-08 23:42 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 05:40 . 2010-04-20 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 03:19 . 2008-08-28 00:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 02:09 . 2009-09-03 14:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2009-09-03 14:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"LayoutM"="KLayMgr.exe" [2004-08-26 45056]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-03 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1268\Scripts\Logon\0\0]
"Script"=TS-webproxy.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logoff\0\0]
"Script"=map-delete.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\0\0]
"Script"=TS-webproxy.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\0]
"Script"=logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\1]
"Script"=checkcite.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\2]
"Script"=Lexis trusted site.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/10/2010 8:02 PM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/3/2010 9:57 AM 23888]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [7/30/2008 3:31 PM 46976]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/24/2004 11:04 PM 7796]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 19:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ocintranet.ocgov.com/
uInternet Connection Wizard,ShellNext = hxxp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3459245&prodTypeId=12454&prodSeriesId=3459241&swLang=13&taskId=135&swEnvOID=1093
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: efile1.occourts.org
Trusted Zone: lexis.com
Trusted Zone: lexisnexis.com
Trusted Zone: microsoft.com
Trusted Zone: ocgov.com\webproxy-1
Trusted Zone: ocgov.com\webproxy-2
Trusted Zone: ocgov.com\webproxy-3
Trusted Zone: ocgov.com\webproxy-4
FF - ProfilePath - c:\documents and settings\gbowne\Application Data\Mozilla\Firefox\Profiles\meiijc8o.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-09 09:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(552)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-09 10:00:18
ComboFix-quarantined-files.txt 2011-03-09 18:00
.
Pre-Run: 48,869,584,896 bytes free
Post-Run: 48,888,504,320 bytes free
.
- - End Of File - - F33730F753E205AA34380924352DE6C4


Virustotal.com results:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: ntdll.dll
Submission date: 2011-03-09 18:03:37 (UTC)
Current status: queued queued analysing finished


Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.03.09.02 2011.03.09 -
AntiVir 7.11.4.141 2011.03.09 -
Antiy-AVL 2.0.3.7 2011.03.09 -
Avast 4.8.1351.0 2011.03.09 -
Avast5 5.0.677.0 2011.03.09 -
AVG 10.0.0.1190 2011.03.09 -
BitDefender 7.2 2011.03.09 -
CAT-QuickHeal 11.00 2011.03.09 -
ClamAV 0.96.4.0 2011.03.09 -
Commtouch 5.2.11.5 2011.03.09 -
Comodo 7925 2011.03.09 -
DrWeb 5.0.2.03300 2011.03.09 -
Emsisoft 5.1.0.2 2011.03.09 -
eSafe 7.0.17.0 2011.03.07 -
eTrust-Vet 36.1.8205 2011.03.09 -
F-Prot 4.6.2.117 2011.03.09 -
F-Secure 9.0.16440.0 2011.03.09 -
Fortinet 4.2.254.0 2011.03.09 -
GData 21 2011.03.09 -
Ikarus T3.1.1.97.0 2011.03.09 -
Jiangmin 13.0.900 2011.03.09 -
K7AntiVirus 9.92.4065 2011.03.09 -
Kaspersky 7.0.0.125 2011.03.09 -
McAfee 5.400.0.1158 2011.03.09 -
McAfee-GW-Edition 2010.1C 2011.03.09 -
Microsoft 1.6603 2011.03.09 -
NOD32 5939 2011.03.09 -
Norman 6.07.03 2011.03.09 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.09 -
PCTools 7.0.3.5 2011.03.09 -
Prevx 3.0 2011.03.09 -
Rising 23.48.02.06 2011.03.09 -
Sophos 4.63.0 2011.03.09 -
SUPERAntiSpyware 4.40.0.1006 2011.03.09 -
Symantec 20101.3.0.103 2011.03.09 -
TheHacker 6.7.0.1.146 2011.03.08 -
TrendMicro 9.200.0.1012 2011.03.09 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.09 -
VBA32 3.12.14.3 2011.03.09 -
VIPRE 8648 2011.03.09 -
ViRobot 2011.3.9.4349 2011.03.09 -
VirusBuster 13.6.243.0 2011.03.09 -
Additional informationShow all
MD5 : f8f0d25ca553e39dde485d8fc7fcce89
SHA1 : 66e2618e7aaf0b59e44aea5431893f3a765bb87b
SHA256: 54df909101aaec63234a5c33b51d6689fef58b943942bffa9606864f43ec1085
 
With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

p4357307.gif



Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

RC1-4.gif



  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.


    whatnext.png



  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt.
 
Thanks for the words of advice on the Recovery Console. I want to make sure I don't screw anything up in downloading the right one.

I went to the link you provided me on the Microsoft website to download the Recovery Console, but I can't determine which one of the many links is the appropirate Recovery Console. The link talks about downloading Set-up disks. I am not sure if that is the same thing as downloading the appropriate Recovery Console.

It is a little more confusing because it looks like one of the graphics you copied into your reply is not coming up on my computer, so I am not sure if it is trying to tell me some important information that will make it more clear what I am suppossed to do.

I would really appreciate a bit more guidance or clarification on downloading the right Recovery Console. It seems important, so I want to make sure I get it right.

Thanks,
 
Thanks for pointing me in the right direction with the Recovery Consule. I followed all your instructions and here is the updated report from ComboFix:


ComboFix 11-03-08.03 - gbowne 03/09/2011 11:06:56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2783 [GMT -8:00]
Running from: c:\documents and settings\gbowne\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\gbowne\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
.
.
2011-03-08 22:07 . 2011-03-08 22:07 -------- d-----w- c:\program files\iPod
2011-03-08 22:07 . 2011-03-08 22:08 -------- d-----w- c:\program files\iTunes
2011-03-08 22:03 . 2011-03-08 22:03 -------- d-----w- c:\program files\Bonjour
2011-03-07 22:08 . 2011-03-07 22:08 -------- d-----w- c:\documents and settings\gbowne\Application Data\Malwarebytes
2011-03-07 21:40 . 2011-03-07 21:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-07 20:26 . 2011-03-07 20:26 -------- d-----w- c:\documents and settings\gbowne\DoctorWeb
2011-03-07 20:11 . 2011-03-07 20:11 388096 ----a-r- c:\documents and settings\gbowne\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-07 20:11 . 2011-03-07 20:11 -------- d-----w- c:\program files\Trend Micro
2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\gbowne\Application Data\f-secure
2011-03-07 19:21 . 2011-03-07 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-03-04 04:12 . 2009-07-27 23:17 135168 -c----w- c:\windows\system32\dllcache\shsvcs.dll
2011-03-04 00:57 . 2011-03-04 00:59 -------- dc-h--w- c:\windows\ie8
2011-03-02 22:11 . 2011-03-02 22:11 98304 --sha-r- c:\windows\system32\ntlanui2I.dll
2011-02-22 16:28 . 2011-02-22 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Juniper Networks
2011-02-17 22:36 . 2011-02-17 22:36 -------- d-----w- c:\documents and settings\gbowne\Application Data\Juniper Networks
2011-02-08 23:42 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 05:40 . 2010-04-20 15:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 03:19 . 2008-08-28 00:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-21 14:44 . 2004-08-04 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 02:09 . 2009-09-03 14:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2009-09-03 14:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:59 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-09_17.07.13 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 2289664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"LayoutM"="KLayMgr.exe" [2004-08-26 45056]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-03 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1268\Scripts\Logon\0\0]
"Script"=TS-webproxy.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logoff\0\0]
"Script"=map-delete.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\0\0]
"Script"=TS-webproxy.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\0]
"Script"=logonscript.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\1]
"Script"=checkcite.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-775296729-3733440010-3911534914-1725\Scripts\Logon\1\2]
"Script"=Lexis trusted site.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009
.
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/10/2010 8:02 PM 102448]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/3/2010 9:57 AM 23888]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [7/30/2008 3:31 PM 46976]
S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [10/24/2004 11:04 PM 7796]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-01-24 19:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ocintranet.ocgov.com/
uInternet Connection Wizard,ShellNext = hxxp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=3459245&prodTypeId=12454&prodSeriesId=3459241&swLang=13&taskId=135&swEnvOID=1093
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: efile1.occourts.org
Trusted Zone: lexis.com
Trusted Zone: lexisnexis.com
Trusted Zone: microsoft.com
Trusted Zone: ocgov.com\webproxy-1
Trusted Zone: ocgov.com\webproxy-2
Trusted Zone: ocgov.com\webproxy-3
Trusted Zone: ocgov.com\webproxy-4
FF - ProfilePath - c:\documents and settings\gbowne\Application Data\Mozilla\Firefox\Profiles\meiijc8o.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-09 11:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(4700)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-09 11:11:17
ComboFix-quarantined-files.txt 2011-03-09 19:11
ComboFix2.txt 2011-03-09 18:00
.
Pre-Run: 48,779,165,696 bytes free
Post-Run: 48,839,221,248 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DFE7489273943CF217B97AD2B153BA3E
 
Very good :)

How is redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The redirection problem appears to be gone!!

I am going to follow your direction on the previous post with OTL, and with post results
 
I ran the OTL software. I am copying the OTL.Txt report first, and then the Extras.txt report in a seperate reply.

OTL.Txt:

OTL logfile created on: 3/9/2011 2:01:46 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\gbowne\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.42 Gb Total Space | 45.48 Gb Free Space | 70.61% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 6.22 Gb Free Space | 62.08% Space Free | Partition Type: NTFS
Drive F: | 488.00 Mb Total Space | 449.95 Mb Free Space | 92.20% Space Free | Partition Type: FAT
Drive G: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
Drive L: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
Drive N: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
Drive T: | 105.66 Gb Total Space | 68.01 Gb Free Space | 64.37% Space Free | Partition Type: NTFS

Computer Name: CCXPJ008 | User Name: gbowne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/09 13:32:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gbowne\Desktop\OTL.exe
PRC - [2010/05/03 09:57:36 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/03 09:57:36 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/05/03 09:57:34 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Smc.exe
PRC - [2010/05/03 09:57:34 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2010/05/03 09:57:34 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\SmcGui.exe
PRC - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/09 13:32:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gbowne\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/05/03 09:57:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/03 09:57:36 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/05/03 09:57:34 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Smc.exe -- (SmcService)
SRV - [2010/05/03 09:57:34 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/05/03 09:57:34 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec AntiVirus\SNAC.EXE -- (SNAC)
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)


========== Driver Services (SafeList) ==========

DRV - [2011/01/18 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110303.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/18 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110303.021\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/10 22:32:20 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2010/06/01 08:49:50 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/01 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/01 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/03 09:57:40 | 000,043,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2010/05/03 09:57:36 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/05/03 09:57:36 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/05/03 09:57:36 | 000,097,096 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2010/05/03 09:57:36 | 000,067,472 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2010/05/03 09:57:36 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/05/03 09:57:30 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/05/03 09:57:30 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/09/18 03:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2008/10/20 19:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
DRV - [2007/12/20 15:32:12 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/05/11 18:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/11/07 03:32:00 | 000,046,976 | R--- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPKBCCID.sys -- (HPKBCCID)
DRV - [2004/10/24 23:04:00 | 000,007,796 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Stc2Dfu.sys -- (STC2DFU)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ocintranet.ocgov.com/
IE - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/23 15:44:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/14 08:44:44 | 000,000,000 | ---D | M]

[2009/09/09 16:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gbowne\Application Data\Mozilla\Extensions
[2011/03/02 16:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gbowne\Application Data\Mozilla\Firefox\Profiles\meiijc8o.default\extensions
[2010/04/28 14:02:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\gbowne\Application Data\Mozilla\Firefox\Profiles\meiijc8o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/02 16:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 07:22:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/23 07:08:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/20 07:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/20 08:26:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/22 08:28:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/04/20 07:22:27 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/03/09 09:07:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\tmw7e\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Time Matters) - {00F17ECE-12DA-46A0-B541-BDE4EB7DF027} - C:\tmw7e\tmietb.dll (LexisNexis, a division of Reed Elsevier Inc. )
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LayoutM] C:\WINDOWS\KLayMgr.exe (Chicony)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: efile1.occourts.org ([]http in Trusted sites)
O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: lexis.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: lexisnexis.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: microsoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: ocgov.com ([webproxy-1] http in Trusted sites)
O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: ocgov.com ([webproxy-2] http in Trusted sites)
O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: ocgov.com ([webproxy-3] http in Trusted sites)
O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: ocgov.com ([webproxy-4] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1217454450312 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1217454501750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://coco.sweb.ocgov.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.252 172.31.0.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = coco.ocgoventerprise.com
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/30 13:25:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/09 13:59:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\gbowne\Desktop\OTL.exe
[2011/03/09 11:06:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/09 08:52:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/09 08:52:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/09 08:52:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/09 08:52:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/09 08:52:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/09 08:50:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/08 14:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/08 14:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/08 14:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/08 14:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/08 14:02:04 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/07 14:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\Application Data\Malwarebytes
[2011/03/07 13:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/07 12:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\DoctorWeb
[2011/03/07 12:11:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/07 12:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\Start Menu\Programs\HiJackThis
[2011/03/07 11:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\Application Data\f-secure
[2011/03/07 11:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/03/03 16:57:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/02/22 08:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/02/17 14:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\Start Menu\Programs\Juniper Networks
[2011/02/17 14:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/02/17 14:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gbowne\Application Data\Juniper Networks
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/09 13:59:55 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\Microsoft Office Word 2003.lnk
[2011/03/09 13:32:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gbowne\Desktop\OTL.exe
[2011/03/09 11:06:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/09 09:07:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/08 18:41:38 | 004,283,114 | R--- | M] () -- C:\Documents and Settings\gbowne\My Documents\ComboFix.exe
[2011/03/08 18:41:38 | 004,283,114 | R--- | M] () -- C:\Documents and Settings\gbowne\Desktop\ComboFix.exe
[2011/03/08 14:58:39 | 000,446,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/08 14:58:39 | 000,073,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/08 14:56:33 | 000,000,473 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2011/03/08 14:54:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/08 14:53:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/08 14:08:45 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/08 14:03:51 | 000,700,318 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/08 11:31:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/08 08:33:13 | 000,032,086 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\RKUunhooker
[2011/03/07 16:28:00 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\dds.pif
[2011/03/07 14:34:06 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\tnrfrkgc.exe
[2011/03/07 12:12:12 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\HiJackThis.lnk
[2011/03/04 03:01:13 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/03 17:04:24 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\gbowne\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/03 09:26:33 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/03/02 16:52:01 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\gbowne\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/03/02 14:11:12 | 000,098,304 | RHS- | M] () -- C:\WINDOWS\System32\ntlanui2I.dll
[2011/02/08 16:30:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\gbowne\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/02/08 15:51:18 | 000,311,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/09 11:06:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/09 11:06:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/09 09:54:06 | 004,283,114 | R--- | C] () -- C:\Documents and Settings\gbowne\Desktop\ComboFix.exe
[2011/03/09 09:53:47 | 004,283,114 | R--- | C] () -- C:\Documents and Settings\gbowne\My Documents\ComboFix.exe
[2011/03/09 08:52:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/09 08:52:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/09 08:52:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/09 08:52:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/09 08:52:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/08 14:08:45 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/08 08:33:13 | 000,032,086 | ---- | C] () -- C:\Documents and Settings\gbowne\Desktop\RKUunhooker
[2011/03/07 16:27:59 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\gbowne\Desktop\dds.pif
[2011/03/07 14:34:06 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\gbowne\Desktop\tnrfrkgc.exe
[2011/03/07 13:41:06 | 000,700,318 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/07 12:11:57 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\gbowne\Desktop\HiJackThis.lnk
[2011/03/03 17:04:24 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\gbowne\Start Menu\Programs\Internet Explorer.lnk
[2011/03/02 14:11:12 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\ntlanui2I.dll
[2010/09/21 11:14:13 | 000,001,604 | ---- | C] () -- C:\Program Files\QuickTime Player.lnk
[2010/08/23 07:13:21 | 000,001,729 | ---- | C] () -- C:\Program Files\Adobe Reader 9.lnk
[2010/05/06 10:31:39 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/20 10:37:41 | 000,065,568 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/08/26 13:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/08/26 09:44:16 | 000,000,185 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/07/31 13:38:09 | 000,000,473 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/31 13:29:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/07/31 10:57:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/07/31 10:57:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/07/31 10:57:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/07/31 10:57:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/07/31 10:57:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/07/31 10:57:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/07/31 10:39:51 | 000,000,966 | ---- | C] () -- C:\WINDOWS\TMW70.INI
[2008/07/30 16:22:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/30 15:29:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2008/07/30 13:26:59 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/07/30 13:22:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/07/30 05:10:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/07/30 05:09:06 | 000,311,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/07/03 11:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/10/12 15:35:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Instx64.exe
[2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/08/04 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,446,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,073,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/07/30 15:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2008/07/30 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2011/03/07 11:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/02/17 14:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2008/07/30 15:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/03/07 13:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/18 07:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/06 11:27:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/15 11:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/07 11:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/07/30 15:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2008/07/30 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Search
[2011/03/07 11:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gbowne\Application Data\f-secure
[2011/02/17 14:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gbowne\Application Data\Juniper Networks
[2008/07/30 15:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gbowne\Application Data\Windows Desktop Search
[2008/07/30 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\gbowne\Application Data\Windows Search
[2009/07/30 15:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\old_gbowne\Application Data\InterVideo
[2008/07/30 15:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\old_gbowne\Application Data\Windows Desktop Search
[2008/07/30 15:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\old_gbowne\Application Data\Windows Search
[2008/07/31 10:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\srivers\Application Data\InterVideo

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/07/30 13:25:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/06 09:18:10 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/09 11:06:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/03/09 11:11:18 | 000,013,684 | ---- | M] () -- C:\ComboFix.txt
[2008/07/30 13:25:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/07/30 13:25:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/30 13:25:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/26 09:09:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/08 14:53:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2006/04/24 07:59:38 | 000,000,028 | ---- | M] () -- C:\tm.bat

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2008/07/30 13:25:07 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/04/04 21:01:40 | 000,272,896 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp5r1.DLL
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/08/23 07:13:21 | 000,001,729 | ---- | M] () -- C:\Program Files\Adobe Reader 9.lnk
[2010/09/21 11:14:13 | 000,001,604 | ---- | M] () -- C:\Program Files\QuickTime Player.lnk

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/07/30 05:08:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/30 05:08:23 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/30 05:08:23 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/08/26 09:14:45 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/09/09 15:59:55 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\gbowne\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/07/30 15:24:08 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\gbowne\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/03/08 18:41:38 | 004,283,114 | R--- | M] () -- C:\Documents and Settings\gbowne\Desktop\ComboFix.exe
[2011/03/09 13:32:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gbowne\Desktop\OTL.exe
[2011/03/07 14:34:06 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\gbowne\Desktop\tnrfrkgc.exe
[2011/03/09 11:03:28 | 004,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\gbowne\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2011/03/08 18:41:38 | 004,283,114 | R--- | M] () -- C:\Documents and Settings\gbowne\My Documents\ComboFix.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/26 09:25:05 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\gbowne\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/05/06 10:39:13 | 000,008,334 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/03/09 11:44:42 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\gbowne\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 16:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 10:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 10:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 10:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 
Here is the Extras.Txt report

Extras.Txt:

OTL Extras logfile created on: 3/9/2011 2:01:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\gbowne\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.42 Gb Total Space | 45.48 Gb Free Space | 70.61% Space Free | Partition Type: NTFS
Drive D: | 10.01 Gb Total Space | 6.22 Gb Free Space | 62.08% Space Free | Partition Type: NTFS
Drive F: | 488.00 Mb Total Space | 449.95 Mb Free Space | 92.20% Space Free | Partition Type: FAT
Drive G: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
Drive L: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
Drive N: | 92.22 Gb Total Space | 20.04 Gb Free Space | 21.73% Space Free | Partition Type: NTFS
Drive T: | 105.66 Gb Total Space | 68.01 Gb Free Space | 64.37% Space Free | Partition Type: NTFS

Computer Name: CCXPJ008 | User Name: gbowne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec AntiVirus\Smc.exe" = C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec AntiVirus\SNAC.EXE" = C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10BB6280-4D34-11D4-B77B-000083617EED}" = LS Plus Form Installer
"{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7EFA9E45-BC04-4613-B88F-079B01C9F862}" = HP USB Smart Card Keyboard
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{888D0F50-FF0A-4808-966E-23D63277BF2A}" = Intel(R) Network Connections 12.4.38.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC5B8C48-3B91-11D4-816D-0000832E20BE}" = LS Plus Product Browser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E3B48D63-75B2-4D36-8EE8-175F7497873F}" = Legal Solutions Plus
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF-XChange 3_is1" = PDF-XChange 3
"RDC" = RDC
"Time Matters 7.0 Enterprise - Legal Series" = Time Matters 7.0 Enterprise - Legal Series
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/7/2011 5:53:02 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Common Files\Symantec
Shared\ccApp.exe Event Info: Resume Thread Action Taken: Logged Actor Process:
C:\Program Files\PC Tools Security\UmInject32.exe (PID 2580) Time: Monday, March
07, 2011 1:53:02 PM

Error - 3/7/2011 5:53:02 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\SmcGui.exe Event Info: Allocation Memory Action Taken: Logged Actor Process:
C:\Program Files\PC Tools Security\UmInject32.exe (PID 2580) Time: Monday, March
07, 2011 1:53:02 PM

Error - 3/7/2011 5:53:02 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\SmcGui.exe Event Info: Write Memory Action Taken: Logged Actor Process:
C:\Program Files\PC Tools Security\UmInject32.exe (PID 2580) Time: Monday, March
07, 2011 1:53:02 PM

Error - 3/7/2011 5:53:02 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\SmcGui.exe Event Info: Create Thread Action Taken: Logged Actor Process:
C:\Program Files\PC Tools Security\UmInject32.exe (PID 2580) Time: Monday, March
07, 2011 1:53:02 PM

Error - 3/7/2011 5:53:02 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
AntiVirus\SmcGui.exe Event Info: Resume Thread Action Taken: Logged Actor Process:
C:\Program Files\PC Tools Security\UmInject32.exe (PID 2580) Time: Monday, March
07, 2011 1:53:02 PM

Error - 3/7/2011 8:54:07 PM | Computer Name = CCXPJ008 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Cookie:gbowne@bs.serving-sys.com/
by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description:
The file was deleted successfully.

Error - 3/8/2011 2:59:03 AM | Computer Name = CCXPJ008 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 3/8/2011 3:59:13 AM | Computer Name = CCXPJ008 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 3/9/2011 12:14:52 AM | Computer Name = CCXPJ008 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 3/9/2011 1:15:00 AM | Computer Name = CCXPJ008 | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

[ System Events ]
Error - 3/4/2011 7:18:45 AM | Computer Name = CCXPJ008 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 3/4/2011 9:26:46 AM | Computer Name = CCXPJ008 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/5/2011 11:15:39 AM | Computer Name = CCXPJ008 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 3/5/2011 11:15:58 AM | Computer Name = CCXPJ008 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/5/2011 11:40:31 AM | Computer Name = CCXPJ008 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 3/5/2011 11:40:54 AM | Computer Name = CCXPJ008 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/7/2011 11:40:55 AM | Computer Name = CCXPJ008 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/7/2011 3:38:30 PM | Computer Name = CCXPJ008 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_FSBL\0000 disappeared from the system without
first being prepared for removal.

Error - 3/8/2011 6:56:47 PM | Computer Name = CCXPJ008 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 3/9/2011 12:57:13 PM | Computer Name = CCXPJ008 | Source = Service Control Manager | ID = 7034
Description = The Smart Card service terminated unexpectedly. It has done this
1 time(s).


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: efile1.occourts.org ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: lexis.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: lexisnexis.com ([]http in Trusted sites)
    O15 - HKU\S-1-5-21-775296729-3733440010-3911534914-1725\..Trusted Domains: microsoft.com ([]http in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" =-
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
I ran OTL again with the Custom Scans/Fixes code you gave me. The results are below (it will take two posts). I will run the rest of those scans next and will post the appropriate results.

OTL:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\efile1.occourts.org\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lexis.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\lexisnexis.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-775296729-3733440010-3911534914-1725\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\003379_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 142588610 bytes

User: gbowne
->Temp folder emptied: 4078 bytes
->Temporary Internet Files folder emptied: 118944953 bytes
->Java cache emptied: 49949739 bytes
->FireFox cache emptied: 67541682 bytes
->Apple Safari cache emptied: 8568832 bytes
->Flash cache emptied: 230715 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49219 bytes

User: old_gbowne
->Temp folder emptied: 2744 bytes
->Temporary Internet Files folder emptied: 472589929 bytes
->Java cache emptied: 44202487 bytes
->FireFox cache emptied: 63443747 bytes
->Google Chrome cache emptied: 6780940 bytes
->Apple Safari cache emptied: 9663488 bytes
->Flash cache emptied: 61458 bytes

User: srivers
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 81999 bytes
->Java cache emptied: 2023 bytes
->Flash cache emptied: 723 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 439 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 939.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: gbowne
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: old_gbowne
->Flash cache emptied: 0 bytes

User: srivers
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03092011_153533

Files\Folders moved on Reboot...
C:\Documents and Settings\gbowne\Local Settings\Temp\ExchangePerflog_8484fa3125f0f1d7cfcccd43.dat moved successfully.
File\Folder C:\Documents and Settings\gbowne\Local Settings\Temp\~DF3E09.tmp not found!
File\Folder C:\Documents and Settings\gbowne\Local Settings\Temp\~DF5A18.tmp not found!
File\Folder C:\Documents and Settings\gbowne\Local Settings\Temporary Internet Files\Content.Word\~WRS4020.tmp not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\,728x90,1008x150,9x1;p=t;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=4515615212875466[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\,728x90,1008x150,9x1;p=t;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9825164361257128[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\00x250,300x600,11x1;p=tr;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8140027965603740[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\00x250,300x600,11x1;p=tr;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8682918671595733[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\0x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9869061703775222[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\1;sz=1x1,4x1;p=f1;ifb=pf;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9825164361257128[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\3MDQ0NTMxODI@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Movie,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwMjg4NTkxMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwMTI5NDEwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwMzA4ODIwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwNjA5MzEzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwNjEwODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwNjMxODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwNjYxMzYwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwODU3MTI4Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwODUwNTE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwODY5NzA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwOTc1NzQwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\5BanBnXkFtZTcwOTQ1NDMwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\aindetails;tile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;id=tt0875034;g=m;g=ro;tt=f;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=1917046556473147[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\DEzNjAwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\ile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9869061703775222[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\nBnXkFtZTcwMjMzMjg3Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-180,BottomLeft,129,-130_CR129,130,130,95_ZATrailer,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\sz=1x1,4x1;p=f1;ifb=pf;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2350136056938243[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\TE0NDk5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\tile=4;sz=728x90,2x1;p=b;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=4515615212875466[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=9082590769855984 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\TY0Mjg5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\wMDcwMTE4Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,129,-130_CR129,130,130,95_ZAFull%20Movie,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\XkFtZTcwMjQxODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAWeb%20Only,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\XkFtZTcwMzg4NjE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAWeb%20Only,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\YJUR4NZ8\XkFtZTcwOTc4ODc0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAFeaturette,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=6969543575778394 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=6969543575778394 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\business;s2=realestate;s3=blogs;s4=southcoasthomes;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=3635401759948840[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\business;s2=realestate;s3=blogs;s4=southcoasthomes;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=3635401759948840[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\de%253Dsant%253Bkw%253D%253Bref%253Docregister[1].com%253Btest%253D%253Bfci%253Dad%253Bdcopt%253D%253Btile%253D1%253Bsz%253D728x90%253Bord%253D7845544167035297%253F not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=9606188904109490 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=4864278362129559 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=9551541005352244 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\STWZ46JF\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=4864278362129559 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\RAMSTTIO\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\RAMSTTIO\5BanBnXkFtZTcwOTY1NDAwMg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-180,BottomLeft,129,-130_CR129,130,130,95_ZAClip,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\RAMSTTIO\details;tile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=co;tt=f;id=tt1185431;coo=usa;m=PG13;s=67;s=34;s=279;s=97;s=46;s=10;s=288;s=14;s=19;;ord=1197522775218814[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\RAMSTTIO\egelife;s1=news;s2=education;s3=blogs;s4=collegelife;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=6954473932535780 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\RAMSTTIO\Tk3OTE4Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\,728x90,1008x150,9x1;p=t;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8682918671595733[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\0x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=7795452817544682[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\1;sz=1x1,4x1;p=f1;ifb=pf;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8103924950058661[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\1;sz=1x1,4x1;p=f1;ifb=pf;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8140027965603740[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\1;sz=1x1,4x1;p=f1;ifb=pf;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8682918671595733[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\28x90,1008x150,9x1;p=t;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2350136056938243[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMDkxMTg2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMjkwODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMTk5NzA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMTM4MDY5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMzc5MjM0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwMzc5NzA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwNDA1NjQwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZANews,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwNjA1OTQ1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwNjA4NzE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwNTE5NDI0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwNzAxODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwODQ5ODY2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwODU5NzA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwOTAxODE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwOTQ5ODY2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\5BanBnXkFtZTcwOTY1Mjg5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\DAwMTg1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\details;tile=1;sz=1x1,4x1;p=f1;ifb=pf;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3356843789137240[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\details;tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=dr;id=tt0935075;tt=f;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=7608559704551179[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\DM5NjIwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\eQWpwZ15BbWU3MDk3Njg3NDI@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAPromo,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\ile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8584039095603944[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\indetails;tile=1;sz=1x1,4x1;p=f1;ifb=pf;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8584039095603944[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\le=4;sz=728x90,2x1;p=b;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2350136056938243[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\maindetails;tile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;id=tt0875034;g=m;g=ro;tt=f;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=1397092143290698[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\nBnXkFtZTcwMzg2NjA2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\nBnXkFtZTcwNjQ0MDE2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\ndetails;tile=1;sz=1x1,4x1;p=f1;ifb=pf;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=889521207116140[1].7 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\nXkFtZTcwNDY5ODc0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAInterview,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\tails;tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=brc;id=tt1279935;g=co;tt=f;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8738313154692550[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\TcxMjA1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\TgxNzEwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=brc;id=tt0875034;g=m;g=ro;tt=f;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=1917046556473147[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\tile=5;sz=728x90,2x1;p=b;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9825164361257128[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\TIzOTUyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=9082590769855984 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\wMjUzMjQ2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Movie,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\MZO87X6L\x600,120x600,11x1;p=tr;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2350136056938243[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\K7T3DACW\3MDE3ODkyOTE@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Movie,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\K7T3DACW\ch;s1=outdoors;s2=watersports;s3=blogs;s4=beach;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=6097778527152018 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\K7T3DACW\ciencedude;s1=news;s2=tech;s3=blogs;s4=sciencedude;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=1;sz=728x90;ord=680751251860919[1].htm not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\K7T3DACW\egelife;s1=news;s2=education;s3=blogs;s4=collegelife;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=6954473932535780 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\K7T3DACW\zk2NzE4Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,129,-130_CR129,130,130,95_ZAFull%20Episode,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\5BanBnXkFtZTcwMzEzMjcyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\e=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=co;tt=f;id=tt1185431;coo=usa;m=PG13;s=67;s=34;s=279;s=97;s=46;s=10;s=288;s=14;s=19;;ord=7574284860615750[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\egelife;s1=news;s2=education;s3=blogs;s4=collegelife;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=6954473932535780 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\jk3OTE4Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\nBnXkFtZTcwODY1MzQ3Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\nBnXkFtZTcwOTc2NjE4Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-180,BottomLeft,129,-130_CR129,130,130,95_ZATrailer,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\nXkFtZTcwNTk1MzY2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAInterview,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\sciencedude;s1=news;s2=tech;s3=blogs;s4=sciencedude;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=680751251860919[1].4 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\TMwMDI4Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,129,-130_CR129,130,130,95_ZAFull%20Episode,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\HIWW1KHI\XkFtZTcwMjg5OTY2MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAFeaturette,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\-2009-little-Road-Runner-Melanie-Oudin-aims-high-after-Maria-Sharapova-shock[1].html&spaceid=box1&sz=120x60&sz=120x90&sz=120x120&ls=f&transactionID=0909092225100388 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\-Road-Runner-Melanie-Oudin-aims-high-after-Maria-Sharapova-shock[1].html&spaceid=mpu&sz=200x200&sz=240x400&sz=250x250&sz=300x250&ls=f&transactionID=0909092225100388 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=6969543575778394 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=6969543575778394 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\business;s2=realestate;s3=blogs;s4=southcoasthomes;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=3635401759948840[1].5 not found!
 
OTL results (PART II):

File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\de%253Dsant%253Bkw%253D%253Bref%253Docregister[1].com%253Btest%253D%253Bfci%253Dad%253Bdcopt%253D%253Btile%253D1%253Bsz%253D728x90%253Bord%253D8599735099350780%253F not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=9606188904109490 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=2;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=9551541005352244 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\GIT21201\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=316209615919757[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\de%253Dsant%253Bkw%253D%253Bref%253Docregister[1].com%253Btest%253D%253Bfci%253Dad%253Bdcopt%253D%253Btile%253D1%253Bsz%253D728x90%253Bord%253D5848660953025905%253F not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=4064016330542023 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=4064016330542023 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=9606188904109490 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=4064016330542023 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=9606188904109490 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\Melanie-Oudin-aims-high-after-Maria-Sharapova-shock[1].html&spaceid=dhtml&sz=120x240&sz=120x400&sz=120x600&sz=120x800&sz=300x600&ls=f&transactionID=0909092225100388 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=4864278362129559 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=316209615919757[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\DNFEF3BX\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=316209615919757[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[2].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[3].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[4].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\20,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_CR0,14,120,76_BO14,83,105,140_CR14,0,120,90_ZAat%20ABC%20%BB,3,0,14,120,verdenab,7,255,255,255,1_[5].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\5BanBnXkFtZTcwODMwOTg3Mg@@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-180,BottomLeft,129,-130_CR129,130,130,95_ZAClip,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\ach;s1=outdoors;s2=watersports;s3=blogs;s4=beach;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=ist;tile=1;sz=1x1;ord=6097778527152018 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\ch;s1=outdoors;s2=watersports;s3=blogs;s4=beach;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=6097778527152018 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\ch;s1=outdoors;s2=watersports;s3=blogs;s4=beach;pos=2;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=4;sz=300x250;ord=6097778527152018 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\details;tile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=co;tt=f;id=tt1185431;coo=usa;m=PG13;s=67;s=34;s=279;s=97;s=46;s=10;s=288;s=14;s=19;;ord=7574284860615750[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\e=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=co;tt=f;id=tt1185431;coo=usa;m=PG13;s=67;s=34;s=279;s=97;s=46;s=10;s=288;s=14;s=19;;ord=1197522775218814[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\egelife;s1=news;s2=education;s3=blogs;s4=collegelife;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=6954473932535780 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\sciencedude;s1=news;s2=tech;s3=blogs;s4=sciencedude;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=680751251860919[1].4 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\sciencedude;s1=news;s2=tech;s3=blogs;s4=sciencedude;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=680751251860919[1].4 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\B13QOED8\sciencedude;s1=news;s2=tech;s3=blogs;s4=sciencedude;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=680751251860919[1].4 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\,728x90,1008x150,9x1;p=t;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8103924950058661[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\0x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3617094328323448[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\1;p=f1;ifb=pf;id=tt1417732;g=co;tt=tv;id=tt0386676;b=t250a;g=brc;id=nm0752407;g=dr;k=c;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2663395601415411[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\1;sz=1x1,4x1;p=f1;ifb=pf;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=4515615212875466[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMjc5NDYyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMjIxODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMTE2OTg2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMTUwODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMzczMzgyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMzIzMDAwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwMzQ5NzAzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwNjc5NzA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwNjU2NDIzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwNzcxNTE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwNzEzMjYxMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\5BanBnXkFtZTcwNzY2NDQzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\60x600,120x600,11x1;p=tr;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=9825164361257128[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\8x150,9x1;p=t;id=tt1417732;g=co;tt=tv;id=tt0386676;b=t250a;g=brc;id=nm0752407;g=dr;k=c;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2663395601415411[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\9bwnKRsZNzjyh2jweFEEIo1kU7uwssfKfIpoPitpgDUdKi7tvACSS9BS9[1].lHhMMiFosCIdiaoixdteBQZNvbakopLdMm1QsAzLHk1cnMm5pSPn4yHrq8fKW8tBBRxksrVBXe_QlNVQ9U3Vf3a9jd927ZX_RdHoTtN not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=8379216734398254 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=8379216734398254 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\DgwODMwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\DM3ODY0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\DMyNDcyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\e=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3356843789137240[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\etails;tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=fm;tt=f;coo=usa;id=tt1323594;g=an;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=5114683573665458[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\ile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3617094328323448[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\indetails;tile=1;sz=1x1,4x1;p=f1;ifb=pf;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=7795452817544682[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\JeQWpwZ15BbWU3MDE3OTcwOTE@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\jI5MTA1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\le=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=889521207116140[1].7 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\maindetails;tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=dr;tt=f;id=tt0810819;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3606165620247102[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\maindetails;tile=5;sz=728x90,2x1;p=b;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=889521207116140[1].7 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\nBnXkFtZTcwMjQ2OTI3Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TczNTg0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TE1NTkxMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TE2NTIzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TEzODk5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\tile=5;sz=728x90,2x1;p=b;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8103924950058661[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TIxMTkyMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TkwNDUxMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\TYxMDQzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\AO4U97LQ\wMzc2Nzk2Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Movie,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\-2009-little-Road-Runner-Melanie-Oudin-aims-high-after-Maria-Sharapova-shock[1].html&spaceid=box2&sz=120x60&sz=120x90&sz=120x120&ls=f&transactionID=0909092225100388 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\3Dsant%253Bkw%253D%253Bref%253Dfreedomblogging[1].com%253Btest%253D%253Bfci%253Dad%253Bdcopt%253D%253Btile%253D1%253Bsz%253D728x90%253Bord%253D4864278362129559%253F not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\business;s2=realestate;s3=blogs;s4=southcoasthomes;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=3635401759948840[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\food;s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=4064016330542023 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\otalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=1;sz=728x90;ord=316209615919757[1].htm not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=9551541005352244 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=1;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=9551541005352244 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\s1=entertainment;s2=dining;s3=blogs;s4=fastfood;pos=2;dcode=ocr;pcode=sant;kw=;ref=freedomblogging[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=4864278362129559 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=3;sz=300x250;ord=316209615919757[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\US-Open-2009-little-Road-Runner-Melanie-Oudin-aims-high-after-Maria-Sharapova-shock[1].html&spaceid=banner&sz=728x90&sz=468x60&ls=f&transactionID=0909092225100388 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\A7IYPPL4\usiness;s2=realestate;s3=blogs;s4=southcoasthomes;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister.com;test=;fci=ad;dcopt=;tile=1;sz=728x90;ord=3635401759948840[1].htm not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\,728x90,1008x150,9x1;p=t;id=nm0000106;g=dr;g=bi;id=tt0758751;id=rg2229115392;tt=tv;coo=usa;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8140027965603740[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\0x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8584039095603944[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3356843789137240[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\28x90,2x1;p=b;id=tt1417732;g=co;tt=tv;id=tt0386676;b=t250a;g=brc;id=nm0752407;g=dr;k=c;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2663395601415411[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMjc4ODc2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMjI0Mzk5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMTAxODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMTgwODA5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMTU4ODgzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwMzcyMjA1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwNDg2NjE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwNjE5NDI0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwNjgxMTg2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwNTE3NTkxMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwODMyNTE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwOTg3NzE5MQ@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\5BanBnXkFtZTcwOTQxODUwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAClip,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\600,11x1;p=tr;id=tt1417732;g=co;tt=tv;id=tt0386676;b=t250a;g=brc;id=nm0752407;g=dr;k=c;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=2663395601415411[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\60x600,120x600,11x1;p=tr;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=4515615212875466[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\60x600,120x600,11x1;p=tr;g=th;id=tt0247082;coo=ca;tt=tv;b=t250a;g=cr;k=e;g=dr;coo=usa;g=my;k=c;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=8103924950058661[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=8379216734398254 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\ansner;s1=business;s2=realestate;s3=blogs;s4=lansner;pos=2;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=5;sz=160x600;ord=8379216734398254 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\DA5MjU0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\Dc1Njg0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\Dc5MTM0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\DQzOTkyNTI@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\DU2ODY0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\eQWpwZ15BbWU3MDg4MzcxODI@._V1._SX127_SY95_BO130,0,0,0_PIimdb-play-bar2-180,BottomLeft,129,-130_CR129,130,130,95_ZAPromo,37,68,27,93,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\ile=2;sz=468x60,728x90,1008x150,9x1;p=t;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=7795452817544682[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\jI5NjQ1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\jI5OTkzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\jU4MjY1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\maindetails;tile=5;sz=728x90,2x1;p=b;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=3356843789137240[1].5 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\mUjolTNyuTiyn6oUYxdCL7iyHd3qUUm7S6wcS68Cpzn9QLPJ4GrqNvFYs4rc8f6DTHaGKnsiD8mSzg_r7jOYOsSrPGCzN9faGIvC0s9_D6QWiKjNWXUY7CFbXe1zz61V2uGxX_nULZVYMiauAnZ2y[1].x_7A2foChM- not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\nBnXkFtZTcwNTE4ODc0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZATrailer,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\nXkFtZTcwMDA0Nzc2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAInterview,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\nXkFtZTcwODY3NjY2MQ@@._V1._SX112_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,116,-120_CR116,120,120,90_ZAInterview,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\s;tile=3;sz=300x250,300x600,160x600,120x600,11x1;p=tr;g=brc;id=tt0875034;g=m;g=ro;tt=f;coo=usa;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=1397092143290698[1] not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\TE1MjgzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=2;sz=984x300;ord=9082590769855984 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\totalbuzz;s1=news;s2=politics;s3=blogs;s4=totalbuzz;pos=1;dcode=ocr;pcode=sant;kw=;ref=ocregister[1].com;test=;fci=ad;dcopt=;tile=4;sz=160x600;ord=9082590769855984 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\wODM5NDU3Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Movie,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\x250,300x600,160x600,120x600,11x1;p=tr;g=brc;g=dr;g=co;tt=tv;id=tt0386676;coo=usa;k=c;b=t250a;s=34;s=97;s=46;s=294;s=124;s=118;s=120;s=341;;ord=889521207116140[1].7 not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\XkFtZTcwODExOTI1Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-180,BottomLeft,120,-120_CR120,120,120,90_ZAWeb%20Only,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\zE3ODY0Mg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\zg2MTYzMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!
File\Folder C:\Documents and Settings\old_gbowne\Local Settings\Temporary Internet Files\Content.IE5\3MX7ETPQ\zM0MTUwMg@@._V1._SX120_SY90_BO120,0,0,0_PIimdb-play-bar2-gold-180,BottomLeft,120,-120_CR120,120,120,90_ZAFull%20Episode,37,63,27,83,verdenab,9,255,255,255,1_[1].jpg not found!

Registry entries deleted on Reboot...
 
Security Check results:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Symantec AntiVirus Smc.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus SmcGui.exe
``````````End of Log````````````
 
I ran the TFC program. It ran for awhile, then restarted. It did not appear to produce a report.

I then ran the ESET Online Scanner. It ran for awhile, but then said "No Threats Found." Per your post, it did not produce a report.

Again, thank you for your help and let me know what the next step is.
 
Uninstall Java(TM) 6 Update 7 .

Update Firefox to the latest 3.6.15 version.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

=====================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.
 
Here is the OTL "system restore" log. I'm doing the rest of the stuff now.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: gbowne
->Temp folder emptied: 3006 bytes
->Temporary Internet Files folder emptied: 91750291 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3625 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: old_gbowne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: srivers
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: gbowne
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: old_gbowne
->Flash cache emptied: 0 bytes

User: srivers
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 03102011_133255

Files\Folders moved on Reboot...
C:\Documents and Settings\gbowne\Local Settings\Temp\ExchangePerflog_8484fa3125f0f1d7cfcccd43.dat moved successfully.
File\Folder C:\Documents and Settings\gbowne\Local Settings\Temp\~DF5D83.tmp not found!
File\Folder C:\Documents and Settings\gbowne\Local Settings\Temp\~DF5DA1.tmp not found!
File\Folder C:\Documents and Settings\gbowne\Local Settings\Temp\~WRD0067.doc not found!
File\Folder C:\Documents and Settings\gbowne\Local Settings\Temporary Internet Files\Content.Word\~WRS0002.tmp not found!

Registry entries deleted on Reboot...
 
Status
Not open for further replies.
Back