Help With Slow Computer

[jdidonato]

Hello,

My computer has been very slow lately and I"m wondering if it's malware etc. See logfile below and let me know what other information that you need.

John

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:12 PM, on 4/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login...mail.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O15 - Trusted Zone: http://www.1stdibs.com
O15 - Trusted Zone: http://www.3d-diva.com
O15 - Trusted Zone: http://www.3d-win.com
O15 - Trusted Zone: http://www.3darchitects.net
O15 - Trusted Zone: http://www.3ddreams.com
O15 - Trusted Zone: http://www.3dplanview.com
O15 - Trusted Zone: http://www.3drendering-studio.co.uk
O15 - Trusted Zone: http://www.5min.com
O15 - Trusted Zone: http://www.76house.com
O15 - Trusted Zone: http://www.a-van.com
O15 - Trusted Zone: http://www.aa.com
O15 - Trusted Zone: http://www.aaa.com
O15 - Trusted Zone: http://www.abbeyhartbrick.com
O15 - Trusted Zone: http://video.about.com
O15 - Trusted Zone: http://*.ace-stucco.com
O15 - Trusted Zone: http://www.acidstainflooring.com
O15 - Trusted Zone: http://www.acmebrick.com
O15 - Trusted Zone: http://*.acremon.com
O15 - Trusted Zone: http://*.activewrap.com
O15 - Trusted Zone: http://www.acypressinn.com
O15 - Trusted Zone: http://www.ad-archts.com
O15 - Trusted Zone: http://www.adamsandmyers.com
O15 - Trusted Zone: http://www.adbcm.com
O15 - Trusted Zone: http://www.addesso-arch.com
O15 - Trusted Zone: http://get.adobe.com
O15 - Trusted Zone: http://www.adolfoperez.com
O15 - Trusted Zone: http://www.adt.com
O15 - Trusted Zone: http://www.adultism.com
O15 - Trusted Zone: http://www.affordremodel.com
O15 - Trusted Zone: http://www.aga-ranges.com
O15 - Trusted Zone: http://www.ahearnschopfer.com
O15 - Trusted Zone: http://www.aia.org
O15 - Trusted Zone: http://www.aibd.org
O15 - Trusted Zone: http://www.akademapro.com
O15 - Trusted Zone: http://www.alba.com
O15 - Trusted Zone: http://www.aldilatrattoria.com
O15 - Trusted Zone: http://www.allevaconstruction.com
O15 - Trusted Zone: http://*.allrecipes.com
O15 - Trusted Zone: http://www.allseasonhomeinspection.com
O15 - Trusted Zone: http://www.altmanarchitecture.com
O15 - Trusted Zone: http://www.altusa.com
O15 - Trusted Zone: http://www.amanopizza.com
O15 - Trusted Zone: http://www.amaraassociates.com
O15 - Trusted Zone: http://www.amarr.com
O15 - Trusted Zone: http://*.amazingstuccoandstone.com
O15 - Trusted Zone: http://www.amazon.com
O15 - Trusted Zone: http://www.america-hotels.com
O15 - Trusted Zone: http://www.americanaccentsfurniture.com
O15 - Trusted Zone: http://www.americanexpress.com
O15 - Trusted Zone: http://www.americanstonehouse.com
O15 - Trusted Zone: http://www.amwoodworking.com
O15 - Trusted Zone: http://www.amysimonfineart.com
O15 - Trusted Zone: http://www.ancienttime.net
O15 - Trusted Zone: http://www.andreabocelli.com
O15 - Trusted Zone: http://www.andreawine.com
O15 - Trusted Zone: http://www.android.com
O15 - Trusted Zone: http://www.andycatterick.com
O15 - Trusted Zone: http://www.angelospizzany.com
O15 - Trusted Zone: http://www.angelosteakandpasta.com
O15 - Trusted Zone: http://www.annedeckerarchitects.com
O15 - Trusted Zone: http://www.antiquewatches.ch
O15 - Trusted Zone: http://beta.antiquorum.com
O15 - Trusted Zone: http://catalog.antiquorum.com
O15 - Trusted Zone: http://clients.antiquorum.com
O15 - Trusted Zone: http://www.antiquorum.com
O15 - Trusted Zone: http://video.ap.org
O15 - Trusted Zone: http://www.apathletics.com
O15 - Trusted Zone: http://videos.apnicommunity.com
O15 - Trusted Zone: http://www.archdaily.com
O15 - Trusted Zone: http://www.archifuture.com
O15 - Trusted Zone: http://*.architectura.tv
O15 - Trusted Zone: http://www.architectural-illustrators.com
O15 - Trusted Zone: http://www.architectural-ornament.com
O15 - Trusted Zone: http://www.architecturaldesigns.com
O15 - Trusted Zone: http://www.architecturalorn.com
O15 - Trusted Zone: http://www.arcrenderings.com
O15 - Trusted Zone: http://www.arcusblade.com
O15 - Trusted Zone: http://www.arinterior.com
O15 - Trusted Zone: http://www.armonteith.com
O15 - Trusted Zone: http://www.armourcoat.com
O15 - Trusted Zone: http://www.art-vizio.com
O15 - Trusted Zone: http://*.artcraftkitchens.com
O15 - Trusted Zone: http://www.artfact.com
O15 - Trusted Zone: http://www.artistbynaturepainting.com
O15 - Trusted Zone: http://www.artwolfe.com
O15 - Trusted Zone: http://www.atgvintagewatches.com
O15 - Trusted Zone: http://www.atlanticwood.net
O15 - Trusted Zone: http://www.atlasclosetsandcabinets.com
O15 - Trusted Zone: http://www.atouchofclasspainting.com
O15 - Trusted Zone: http://www.atticmag.com
O15 - Trusted Zone: http://ads.auctionads.com
O15 - Trusted Zone: http://patrizzi3.auctionsystem.co.uk
O15 - Trusted Zone: http://www.auctionzip.com
O15 - Trusted Zone: http://www.audiusa.com
O15 - Trusted Zone: http://forums.audiworld.com
O15 - Trusted Zone: http://www.autobritt.ch
O15 - Trusted Zone: http://www.autoshowny.com
O15 - Trusted Zone: http://www.avantnoire.com
O15 - Trusted Zone: http://*.avremodeling.com
O15 - Trusted Zone: http://www.axisarchitecturalstudio.com
O15 - Trusted Zone: http://www.axisrenders.com
O15 - Trusted Zone: http://www.azek.com
O15 - Trusted Zone: http://www.azhomecenterllc.com
O15 - Trusted Zone: http://www.azzamdesigns.com
O15 - Trusted Zone: http://www.bachmann-scher.de
O15 - Trusted Zone: http://www.bainultra.com
O15 - Trusted Zone: http://www.baldwinpergolas.com
O15 - Trusted Zone: http://www.bankofamerica.com
O15 - Trusted Zone: http://www.barefootgolf.com
O15 - Trusted Zone: http://www.barefootgolfvacations.com
O15 - Trusted Zone: http://www.barexchange.com
O15 - Trusted Zone: http://www.baseballamerica.com
O15 - Trusted Zone: http://www.baseballsavings.com
O15 - Trusted Zone: http://www.baseballu.net
O15 - Trusted Zone: http://www.batescorkern.com
O15 - Trusted Zone: http://www.batspeed.com
O15 - Trusted Zone: http://www.battlearchitects.com
O15 - Trusted Zone: http://www.bayeradvanced.com
O15 - Trusted Zone: http://newjersey.bbb.org
O15 - Trusted Zone: http://newyork.bbb.org
O15 - Trusted Zone: http://www.bbswim.org
O15 - Trusted Zone: http://*.bcexpos.com
O15 - Trusted Zone: http://www.beachsheetmetal.com
O15 - Trusted Zone: http://www.beautyrestblack.com
O15 - Trusted Zone: http://www.becco-nyc.com
O15 - Trusted Zone: http://www.bedfordmasonry.com
O15 - Trusted Zone: http://www.beldenbrick.com
O15 - Trusted Zone: http://www.bella-studios.com
O15 - Trusted Zone: http://www.bellfiresusa.com
O15 - Trusted Zone: http://www.benjaminfranklinplumbing.com
O15 - Trusted Zone: http://www.bensi.com
O15 - Trusted Zone: http://www.bentwoodkitchens.com
O15 - Trusted Zone: http://www.bergenbuilders.com
O15 - Trusted Zone: http://*.bergencatholicfootball.com
O15 - Trusted Zone: http://www.bertch.com
O15 - Trusted Zone: http://www.berthas.com
O15 - Trusted Zone: http://nyc.bestparking.com
O15 - Trusted Zone: http://www.bethge-watch.de
O15 - Trusted Zone: http://www.bethwebb.com
O15 - Trusted Zone: http://browsercheck.bevmo.com
O15 - Trusted Zone: http://www.bevmo.com
O15 - Trusted Zone: http://www.bgarciadesigns.com
O15 - Trusted Zone: http://*.binarydesign.org
O15 - Trusted Zone: http://www.bing.com
O15 - Trusted Zone: http://boston.bizjournals.com
O15 - Trusted Zone: http://*.blackforestinn.com
O15 - Trusted Zone: http://www.blancoamerica.com
O15 - Trusted Zone: http://www.blocklayer.com
O15 - Trusted Zone: http://www.bloglines.com
O15 - Trusted Zone: http://alteriordesign.blogspot.com
O15 - Trusted Zone: http://beauxmondesdesigns.blogspot.com
O15 - Trusted Zone: http://clawsonarchitects.blogspot.com
O15 - Trusted Zone: http://megemusings.blogspot.com
O15 - Trusted Zone: http://montresuisses.blogspot.com
O15 - Trusted Zone: http://refininglife.blogspot.com
O15 - Trusted Zone: http://teamfreas.blogspot.com
O15 - Trusted Zone: http://willowdecor.blogspot.com
O15 - Trusted Zone: http://www.bloomberg.com
O15 - Trusted Zone: http://www.bluechipprospects.com
O15 - Trusted Zone: http://www.bluegreenrentals.com
O15 - Trusted Zone: http://www.bluehillfarm.com
O15 - Trusted Zone: http://www.bluelinearch.com
O15 - Trusted Zone: http://www.bluestarcooking.com
O15 - Trusted Zone: http://www.bluewaternc.com
O15 - Trusted Zone: http://www.bmw.am
O15 - Trusted Zone: http://www.bmw.com
O15 - Trusted Zone: http://www.bmwusa.com
O15 - Trusted Zone: http://www.boardwalkplaza.com
O15 - Trusted Zone: http://www.boats.net
O15 - Trusted Zone: http://video.bobvila.com
O15 - Trusted Zone: http://www.bogoff.com
O15 - Trusted Zone: http://*.bonnercustomhomes.com
O15 - Trusted Zone: http://www.bonsecourscommunityhosp.org
O15 - Trusted Zone: http://www.boralbricks.com
O15 - Trusted Zone: http://*.boralbricks.com
O15 - Trusted Zone: http://www.bostondesignguide.com
O15 - Trusted Zone: http://*.boulter.com
O15 - Trusted Zone: http://www.bovineswoodfired.com
O15 - Trusted Zone: http://www.boxtreehomes.com
O15 - Trusted Zone: http://*.boysofsummercamp.com
O15 - Trusted Zone: http://www.bp.com
O15 - Trusted Zone: http://www.braceshop.com
O15 - Trusted Zone: http://www.bradjenkinsinc.com
O15 - Trusted Zone: http://www.break.com
O15 - Trusted Zone: http://www.breakingbreadwi.com
O15 - Trusted Zone: http://www.breitling.ch
O15 - Trusted Zone: http://*.brewburgersomaha.com
O15 - Trusted Zone: http://www.brick-restoration.com
O15 - Trusted Zone: http://www.brickface.com
O15 - Trusted Zone: http://www.brickimaging.com
O15 - Trusted Zone: http://www.brickmen.com
O15 - Trusted Zone: http://www.brickstaincompany.com
O15 - Trusted Zone: http://link.brightcove.com
O15 - Trusted Zone: http://www.brm-manufacture.com
O15 - Trusted Zone: http://www.broan.com
O15 - Trusted Zone: http://www.brownstoner.com
O15 - Trusted Zone: http://www.bucciassociates.com
O15 - Trusted Zone: http://www.budbeach.com
O15 - Trusted Zone: http://www.budget3drendering.com
O15 - Trusted Zone: http://www.buildinglime.co.uk
O15 - Trusted Zone: http://www.burkesbackyard.com.au
O15 - Trusted Zone: http://www.buxtoninc.com
O15 - Trusted Zone: http://www.buzandneds.com
O15 - Trusted Zone: http://www.cabinetsbynicholas.com
O15 - Trusted Zone: http://*.cablevision.com
O15 - Trusted Zone: http://www.cabuchon.com
O15 - Trusted Zone: http://www.cadoutsourcingservices.com
O15 - Trusted Zone: http://www.cafematisse.com
O15 - Trusted Zone: http://www.cafetivoli.com
O15 - Trusted Zone: http://www.caffereggio.com
O15 - Trusted Zone: http://www.calculated.com
O15 - Trusted Zone: http://www.calibre11.com
O15 - Trusted Zone: http://www.calicocorners.com
O15 - Trusted Zone: http://www.callahanarchitecture.com
O15 - Trusted Zone: http://locator.callawaygolf.com
O15 - Trusted Zone: http://shop.callawaygolf.com
O15 - Trusted Zone: http://www.callawaygolf.com
O15 - Trusted Zone: http://www.cambriausa.com
O15 - Trusted Zone: http://*.campaniarestaurant.com
O15 - Trusted Zone: http://www.campbellsoup.com
O15 - Trusted Zone: http://www.capitolhillhistorictudor.com
O15 - Trusted Zone: http://www.carapacecorp.com
O15 - Trusted Zone: http://www.carinacellars.com
O15 - Trusted Zone: http://www.ecostar.carlisle.com
O15 - Trusted Zone: http://www.carnegiehall.org
O15 - Trusted Zone: http://www.carvergroupinc.com
O15 - Trusted Zone: http://www.casavascarestaurant.com
O15 - Trusted Zone: http://www.cassovia.us
O15 - Trusted Zone: http://www.castlecontractors.com
O15 - Trusted Zone: http://*.castlecontractors.com
O15 - Trusted Zone: http://www.castrodesign.net
O15 - Trusted Zone: http://*.cathyfbensonaia.com
O15 - Trusted Zone: http://www.catnutrition.org
O15 - Trusted Zone: http://www.causemann-zifferblaetter.de
O15 - Trusted Zone: http://www.cbn.bz
O15 - Trusted Zone: http://www.cbs.com
O15 - Trusted Zone: http://www.cbssports.com
O15 - Trusted Zone: http://*.celsoconstruction.com
O15 - Trusted Zone: http://www.certainteed.com
O15 - Trusted Zone: http://www.cgrendering.com
O15 - Trusted Zone: http://*.chairsnmore.com
O15 - Trusted Zone: http://www.chakrarestaurant.com
O15 - Trusted Zone: http://www.chart-house.com
O15 - Trusted Zone: http://www.chezpanisse.com
O15 - Trusted Zone: http://www.chiefarchitect.com
O15 - Trusted Zone: http://www.chimneyrockinn.com
O15 - Trusted Zone: http://chowhound.chow.com
O15 - Trusted Zone: http://www.christianbrowndesign.com
O15 - Trusted Zone: http://www.christies.com
O15 - Trusted Zone: http://*.cigarinn.com
O15 - Trusted Zone: http://www.cigarinspector.com
O15 - Trusted Zone: http://www.cigarone.com
O15 - Trusted Zone: http://forums.cigarweekly.com
O15 - Trusted Zone: http://www.circatabac.com
O15 - Trusted Zone: http://www.cirquedusoleil.com
O15 - Trusted Zone: http://www.city-data.com
O15 - Trusted Zone: http://*.classcabs.com
O15 - Trusted Zone: http://www.classicdesignandbuild.com
O15 - Trusted Zone: http://www.claymex.com
O15 - Trusted Zone: http://*.claytile.com
O15 - Trusted Zone: http://www.clopaydoor.com
O15 - Trusted Zone: http://reviews.cnet.com
O15 - Trusted Zone: http://money.cnn.com
O15 - Trusted Zone: http://moremoney.blogs.money.cnn.com
O15 - Trusted Zone: http://www.cnn.com
O15 - Trusted Zone: http://www.coldriverfurniture.com
O15 - Trusted Zone: http://*.coldriverfurniture.com
O15 - Trusted Zone: http://www.coldwellbankermoves.com
O15 - Trusted Zone: http://www.colonialbrick.com
O15 - Trusted Zone: http://*.comerro.com
O15 - Trusted Zone: http://www.comfortaire.com
O15 - Trusted Zone: http://www.commorata-berardi.com
O15 - Trusted Zone: http://www.compleatgolfer.co.za
O15 - Trusted Zone: http://www.completewindowservices.com
O15 - Trusted Zone: http://bp.concerts.com
O15 - Trusted Zone: http://www.concrete-shop.com
O15 - Trusted Zone: http://www.concretebydesign-inc.com
O15 - Trusted Zone: http://www.condo-world.com
O15 - Trusted Zone: http://blogs.consumerreports.org
O15 - Trusted Zone: http://www.consumerreports.org
O15 - Trusted Zone: http://www.cooksillustrated.com
O15 - Trusted Zone: http://www.cookstr.com
O15 - Trusted Zone: http://www.cooperstownny.com
O15 - Trusted Zone: http://www.copelandrestaurant.com
O15 - Trusted Zone: http://www.corsicabinets.com
O15 - Trusted Zone: http://hillier.cosential.com
O15 - Trusted Zone: http://www.cousinsuk.com
O15 - Trusted Zone: http://www.crabgrassalert.com
O15 - Trusted Zone: http://www.craftmasters.net
O15 - Trusted Zone: http://www.craftrestaurant.com
O15 - Trusted Zone: http://www.craigcustombuilders.com
O15 - Trusted Zone: http://www.creativedesignconstruction.net
O15 - Trusted Zone: http://www.creorestaurant.com
O15 - Trusted Zone: http://www.croixcustomhomesinc.com
O15 - Trusted Zone: http://www.crossvilleinc.com
O15 - Trusted Zone: http://www.crown-point.com
O15 - Trusted Zone: http://www.crystalgolfresort.com
O15 - Trusted Zone: http://www.csiexteriors.net
O15 - Trusted Zone: http://www.ctnontime.com
O15 - Trusted Zone: http://www.cubanlous.com
O15 - Trusted Zone: http://*.cucharamama.com
O15 - Trusted Zone: http://www.cunninghambrick.com
O15 - Trusted Zone: http://www.curroarchitects.com
O15 - Trusted Zone: http://zagatsurvey.custhelp.com
O15 - Trusted Zone: http://www.customhomecontrol.com
O15 - Trusted Zone: http://www.customwoodanddesign.com
O15 - Trusted Zone: http://*.customwoodcraft.net
O15 - Trusted Zone: http://www.cutloose.com
O15 - Trusted Zone: http://www.dac-art.net
O15 - Trusted Zone: http://*.dailybail.com
O15 - Trusted Zone: http://www.dailymotion.com
O15 - Trusted Zone: http://www.dailystocks.com
O15 - Trusted Zone: http://www.dairyqueen.com
O15 - Trusted Zone: http://*.dassahaines.com
O15 - Trusted Zone: http://*.dautkmason.com
O15 - Trusted Zone: http://www.davinciroofscapes.com
O15 - Trusted Zone: http://www.dbarinc.com
O15 - Trusted Zone: http://www.dbkinteriors.com
O15 - Trusted Zone: http://www.dcakarchitecture.com
O15 - Trusted Zone: http://www.deadcellzones.com
O15 - Trusted Zone: http://www.deaddogsaloon.com
O15 - Trusted Zone: http://www.decolegno.com
O15 - Trusted Zone: http://www.decoratingden.com
O15 - Trusted Zone: http://www.decra.com
O15 - Trusted Zone: http://prestige.delcampe.net
O15 - Trusted Zone: http://www.delfriscos.com
O15 - Trusted Zone: http://www.delicate-pak.com
O15 - Trusted Zone: http://sprint.p.delivery.net
O15 - Trusted Zone: http://www.delorenzostomatopies.com
O15 - Trusted Zone: http://www.delpostonyc.com
O15 - Trusted Zone: http://www.demarestarchitects.com
O15 - Trusted Zone: http://www.demarini.com
O15 - Trusted Zone: http://www.demetrisarantitis.com
O15 - Trusted Zone: http://www.dennisonbertram.com
O15 - Trusted Zone: http://www.denniswedlick.com
O15 - Trusted Zone: http://www.dentetrading.com
O15 - Trusted Zone: http://www.dependable-mulch.com
O15 - Trusted Zone: http://*.designbuildnj.com
O15 - Trusted Zone: http://www.designedconcepts.com
O15 - Trusted Zone: http://digital.designnewengland.com
O15 - Trusted Zone: http://www.destinationkohler.com
O15 - Trusted Zone: http://*.dev-wellborn.com
O15 - Trusted Zone: http://www.dhadm.com
O15 - Trusted Zone: http://www.dialrefinish.net
O15 - Trusted Zone: http://www.diamondcabinets.com
O15 - Trusted Zone: http://www.dianeboyerinteriors.com
O15 - Trusted Zone: http://www.dianedurocherinteriors.com
O15 - Trusted Zone: http://www.dibellomasonry.net
O15 - Trusted Zone: http://www.dicararubino.com
O15 - Trusted Zone: http://www.dicarts.com
O15 - Trusted Zone: http://www.dinallosrestaurant.com
O15 - Trusted Zone: http://www.directv.com
O15 - Trusted Zone: http://www.dirtydickscrabs.com
O15 - Trusted Zone: http://www.divadeprovence.com
O15 - Trusted Zone: http://www.divinedininggroup.com
O15 - Trusted Zone: http://www.diynetwork.com
O15 - Trusted Zone: http://www.djgdevelop.com
O15 - Trusted Zone: http://www.dmrarchitects.com
O15 - Trusted Zone: http://www.dndinteriordesign.com
O15 - Trusted Zone: http://us.dockers.com
O15 - Trusted Zone: http://www.donboscoprep.com
O15 - Trusted Zone: http://www.donpablos.com
O15 - Trusted Zone: http://www.donquijote.org
O15 - Trusted Zone: http://templates.doteasy.com
O15 - Trusted Zone: http://www.doubleaasports.com
O15 - Trusted Zone: http://ad.doubleclick.net
O15 - Trusted Zone: http://www.dougiesbbq.com
O15 - Trusted Zone: http://*.draftermaxbrooklyn.com
O15 - Trusted Zone: http://www.draftingdesign.biz
O15 - Trusted Zone: http://www.draftingservicesinnewyork.info
O15 - Trusted Zone: http://www.draperdbs.com
O15 - Trusted Zone: http://www.drclark.net
O15 - Trusted Zone: http://www.dreamhomedesignusa.com
O15 - Trusted Zone: http://www.dremodeling.com
O15 - Trusted Zone: http://*.dsdixonarchitect.com
O15 - Trusted Zone: http://*.dslbi.com
O15 - Trusted Zone: http://*.dsworkroom.com
O15 - Trusted Zone: http://www.duvelusa.com
O15 - Trusted Zone: http://www.dwr.com
O15 - Trusted Zone: http://www.dyami.com
O15 - Trusted Zone: http://www.e-zpassny.com
O15 - Trusted Zone: http://www.eastonbaseball.com
O15 - Trusted Zone: http://www.eastonbellsports.com
O15 - Trusted Zone: http://baseball.eastonsports.com
O15 - Trusted Zone: http://www.eatmedaily.com
O15 - Trusted Zone: http://www.ebaumsworld.com
O15 - Trusted Zone: http://cgi.ebay.com
O15 - Trusted Zone: http://cgi3.ebay.com
O15 - Trusted Zone: http://contact.ebay.com
O15 - Trusted Zone: http://desc.shop.ebay.com
O15 - Trusted Zone: http://feedback.ebay.com
O15 - Trusted Zone: http://www.ecco-homes.com
O15 - Trusted Zone: http://www.ecdormer.com
O15 - Trusted Zone: http://www.ecolime.co.uk
O15 - Trusted Zone: http://*.eden-furniture.com
O15 - Trusted Zone: http://www.ehow.co.uk
O15 - Trusted Zone: http://www.ehow.com
O15 - Trusted Zone: http://*.eileenbassi.com
O15 - Trusted Zone: http://www.electrical-online.com
O15 - Trusted Zone: http://www.elementarchgroup.com
O15 - Trusted Zone: http://www.elitefootball.net
O15 - Trusted Zone: http://www.eliteqb.com
O15 - Trusted Zone: http://www.ellafitzgerald.com
O15 - Trusted Zone: http://2weektrial.emagcreator.com
O15 - Trusted Zone: http://*.emerichstucco.com
O15 - Trusted Zone: http://www.empirefire.com
O15 - Trusted Zone: http://productselector.emtekdoorlocks.com
O15 - Trusted Zone: http://www.enicar.com
O15 - Trusted Zone: http://www.epinions.com
O15 - Trusted Zone: http://www.episcopobuilders.com
O15 - Trusted Zone: http://www.eplans.com
O15 - Trusted Zone: http://www.eramohomes.com
O15 - Trusted Zone: http://www.esca-nyc.com
O15 - Trusted Zone: http://www.eskimix.com
O15 - Trusted Zone: http://*.etcsteakhouse.com
O15 - Trusted Zone: http://www.ethanallen.com
O15 - Trusted Zone: http://www.europeanwatch.com
O15 - Trusted Zone: http://www.evansarchitects.com
O15 - Trusted Zone: http://*.eventful.com
O15 - Trusted Zone: http://*.ewwoodwork.com
O15 - Trusted Zone: http://www.excelhomes.com
O15 - Trusted Zone: http://www.existingconditions.com
O15 - Trusted Zone: http://www.exotichomestore.com
O15 - Trusted Zone: http://www.fabianodesigns.com
O15 - Trusted Zone: http://apps.facebook.com
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://www.fairwaymarket.com
O15 - Trusted Zone: http://www.farmsteadgolf.com
O15 - Trusted Zone: http://www.farriersportinggoods.com
O15 - Trusted Zone: http://www.fc3arch.com
O15 - Trusted Zone: http://*.fedex.com
O15 - Trusted Zone: http://www.fellertusa.com
O15 - Trusted Zone: http://www.feltzandfrizzellarchitects.com
O15 - Trusted Zone: http://www.fernandessteakhouse.com
O15 - Trusted Zone: http://www.ferrarichat.com
O15 - Trusted Zone: http://www.fieldstonecabinetry.com
O15 - Trusted Zone: http://*.filconnect.com
O15 - Trusted Zone: http://watches.findler.info
O15 - Trusted Zone: http://sprint.findlocation.com
O15 - Trusted Zone: http://www.fioriinteriordesign.com
O15 - Trusted Zone: http://www.fireplacesnow.com
O15 - Trusted Zone: http://www.fishclub.com
O15 - Trusted Zone: http://www.fivebelow.com
O15 - Trusted Zone: http://www.fivestarrange.com
O15 - Trusted Zone: http://www.fkalata.com
O15 - Trusted Zone: http://www.fkarch.com
O15 - Trusted Zone: http://www.flamessteakhouse.com
O15 - Trusted Zone: http://www.fleishers.com
O15 - Trusted Zone: http://www.fleurdelyssf.com
O15 - Trusted Zone: http://www.flexiblemoulding.com
O15 - Trusted Zone: http://www.flickr.com
O15 - Trusted Zone: http://www.flightnetwork.com
O15 - Trusted Zone: http://www.floorplanner.com
O15 - Trusted Zone: http://*.floorplanner.com
O15 - Trusted Zone: http://*.florios.com
O15 - Trusted Zone: http://www.flotrack.org
O15 - Trusted Zone: http://www.flynnstavern.com
O15 - Trusted Zone: http://www.followsales.com
O15 - Trusted Zone: http://www.foodnetwork.com
O15 - Trusted Zone: http://www.footballuniversity.org
O15 - Trusted Zone: http://www.footlocker.com
O15 - Trusted Zone: http://www.foresthealthcare.com
O15 - Trusted Zone: http://www.fornobravo.com
O15 - Trusted Zone: http://www.fornosrestaurant.com
O15 - Trusted Zone: http://miva.fossilfarmsostrich.com
O15 - Trusted Zone: http://www.fourseasons.com
O15 - Trusted Zone: http://www.francoisandco.com
O15 - Trusted Zone: http://www.frankeusa.com
O15 - Trusted Zone: http://www.franklinsteakhouse.com
O15 - Trusted Zone: http://www.fredcomodularhomes.com
O15 - Trusted Zone: http://www.frenchculinary.com
O15 - Trusted Zone: http://www.frenchranges.com
O15 - Trusted Zone: http://*.freshome.com
O15 - Trusted Zone: http://www.frontdoor.com
O15 - Trusted Zone: http://www.funtechtalk.com
O15 - Trusted Zone: http://www.funtonia.com
O15 - Trusted Zone: http://www.furniturelandsouth.com
O15 - Trusted Zone: http://*.futurehometechnology.com
O15 - Trusted Zone: http://www.g7construction.com
O15 - Trusted Zone: http://www.gaf.com
O15 - Trusted Zone: http://search.gardenweb.com
O15 - Trusted Zone: http://ths.gardenweb.com
O15 - Trusted Zone: http://downloads.garmin.com
O15 - Trusted Zone: http://www.garmin.com
O15 - Trusted Zone: http://www8.garmin.com
O15 - Trusted Zone: http://*.gb-studio.com
O15 - Trusted Zone: http://www.gbdesignllc.com
O15 - Trusted Zone: http://*.gebweb.net
O15 - Trusted Zone: http://www.generalshale.com
O15 - Trusted Zone: http://www.georgeheldandassociatesarchitects.com
O15 - Trusted Zone: http://www.gg-architect.com
O15 - Trusted Zone: http://*.giannettiarchitects.com
O15 - Trusted Zone: http://www.giants.com
O15 - Trusted Zone: http://*.gigapan.org
O15 - Trusted Zone: http://*.gizmodo.com
O15 - Trusted Zone: http://www.glengerybrick.com
O15 - Trusted Zone: http://www.glenngisslerdesign.com
O15 - Trusted Zone: http://www.glenrockstairs.com
O15 - Trusted Zone: http://www.gnc.com
O15 - Trusted Zone: http://www.goairlinkshuttle.com
O15 - Trusted Zone: http://www.goldendynastynj.com
O15 - Trusted Zone: http://www.golf.com
O15 - Trusted Zone: http://www.golfdigest.com
O15 - Trusted Zone: http://www.golfdigestteetimes.com
O15 - Trusted Zone: http://images.golfgalaxy.com
O15 - Trusted Zone: http://www.golfgalaxy.com
O15 - Trusted Zone: http://www.golfsmith.com
O15 - Trusted Zone: http://*.golftec.com
O15 - Trusted Zone: http://www.golfthebull.com
O15 - Trusted Zone: http://www.golfwrx.com
O15 - Trusted Zone: http://www.goodsamhosp.org
O15 - Trusted Zone: http://www.goodtimestove.com
O15 - Trusted Zone: http://video.google.co.uk
O15 - Trusted Zone: http://stores.goredean.com
O15 - Trusted Zone: http://www.grainger.com
O15 - Trusted Zone: http://www.grainviewdesigns.com
O15 - Trusted Zone: http://www.granddoors.com
O15 - Trusted Zone: http://www.graziellasny.com
O15 - Trusted Zone: http://www.grcconstructionllc.com
O15 - Trusted Zone: http://www.greenbrilliance.com
O15 - Trusted Zone: http://*.greenwichlobsterhouse.com
O15 - Trusted Zone: http://www.groupon.com
O15 - Trusted Zone: http://www.grupodfx.com.br
O15 - Trusted Zone: http://www.gshvin.org
O15 - Trusted Zone: http://mls.gsmls.com
O15 - Trusted Zone: http://www.gswoodpro.com
O15 - Trusted Zone: http://www.guebelin.ch
O15 - Trusted Zone: http://secure.guestdesk.com
O15 - Trusted Zone: http://www.gvbarchitects.com
O15 - Trusted Zone: http://fineart.ha.com
O15 - Trusted Zone: http://jewelry.ha.com
O15 - Trusted Zone: http://movieposters.ha.com
O15 - Trusted Zone: http://www.habershamhome.com
O15 - Trusted Zone: http://www.hacres.com
O15 - Trusted Zone: http://www.hammersmith.net
O15 - Trusted Zone: http://www.hamptondesign.com
O15 - Trusted Zone: http://www.handhewn.net
O15 - Trusted Zone: http://www.handmadebrick.com
O15 - Trusted Zone: http://www.hansonbrick.com
O15 - Trusted Zone: http://www.hanssemamerica.com
O15 - Trusted Zone: http://www.hanssemboston.com
O15 - Trusted Zone: http://www.hardenfurniture.com
O15 - Trusted Zone: http://www.hardware-designs.com
O15 - Trusted Zone: http://www.harrisondesignassociates.com
O15 - Trusted Zone: http://www.harvestrestaurants.com
O15 - Trusted Zone: http://www.hasara.com
O15 - Trusted Zone: http://*.havenbeachlbi.com
O15 - Trusted Zone: http://www.hayneedle.com
O15 - Trusted Zone: http://www.hebronbrick.com
O15 - Trusted Zone: http://www.heirloom2.com
O15 - Trusted Zone: http://www.henlopenhotel.com
O15 - Trusted Zone: http://www.henshawandemersonjewellers.co.uk
O15 - Trusted Zone: http://www.heritagearch.com
O15 - Trusted Zone: http://offer.hertz.com
O15 - Trusted Zone: http://www.heuerautavia.com
O15 - Trusted Zone: http://www.heuerboy.com
O15 - Trusted Zone: http://www.hgc.org
O15 - Trusted Zone: http://marketplace.hgtv.com
O15 - Trusted Zone: http://www.hgtv.com
O15 - Trusted Zone: http://www.hgtvpro.com
O15 - Trusted Zone: http://*.hillcreations.net
O15 - Trusted Zone: http://www.hinkleylighting.com
O15 - Trusted Zone: http://www.holidaykitchens.com
O15 - Trusted Zone: http://*.homecraftonline.com
O15 - Trusted Zone: http://www.homedepot.com
O15 - Trusted Zone: http://www.homedug.com
O15 - Trusted Zone: http://*.homehippo.com
O15 - Trusted Zone: http://www.homerunmonkey.com
O15 - Trusted Zone: http://www.homeserve.com
O15 - Trusted Zone: http://www.homesteadbuilders.net
O15 - Trusted Zone: http://*.homesupplyinc.com
O15 - Trusted Zone: http://www.hometeknj.com
O15 - Trusted Zone: http://newyork.hometownlocator.com
O15 - Trusted Zone: http://www.hondapowerequipment.com
O15 - Trusted Zone: http://*.honolulutime.com
O15 - Trusted Zone: http://www.hopstop.com
O15 - Trusted Zone: http://www.horizon-bcbsnj.com
O15 - Trusted Zone: http://www.horween.com
O15 - Trusted Zone: http://*.hospitalityholdings.com
O15 - Trusted Zone: http://www.hotels.com
O15 - Trusted Zone: http://*.hotpads.com
O15 - Trusted Zone: http://www.houzz.com
O15 - Trusted Zone: http://www.us.hsbc.com
O15 - Trusted Zone: http://www.htomega.com
O15 - Trusted Zone: http://www.hubertkeller.com
O15 - Trusted Zone: http://www.huffingtonpost.com
O15 - Trusted Zone: http://maps.huge.info
O15 - Trusted Zone: http://www.hulu.com
O15 - Trusted Zone: http://www.remodeling.hw.net
O15 - Trusted Zone: http://www.hylanddesigngroup.com
O15 - Trusted Zone: http://tanisconcrete.iarbiz.com
O15 - Trusted Zone: http://www.icewraps.net
O15 - Trusted Zone: http://www.icontact.com
O15 - Trusted Zone: http://www.idiets.com
O15 - Trusted Zone: http://www.ilcantuccionyc.com
O15 - Trusted Zone: http://www.ilve.com.au
O15 - Trusted Zone: http://*.ilveappliances.com
O15 - Trusted Zone: http://www.imagekind.com
O15 - Trusted Zone: http://*.imageshack.us
O15 - Trusted Zone: http://www.imagespublishing.com
O15 - Trusted Zone: http://www.immobilier-bretagne.com
O15 - Trusted Zone: http://www.inglouriousbasterds-movie.com
O15 - Trusted Zone: http://www.inotecanyc.com
O15 - Trusted Zone: http://www.insidearch.org
O15 - Trusted Zone: http://www.instantoffices.com
O15 - Trusted Zone: http://www.interiordecisions.com
O15 - Trusted Zone: http://*.interiordesignernj.com
O15 - Trusted Zone: http://www.interiormotives.net
O15 - Trusted Zone: http://www.intrahomesystems.com
O15 - Trusted Zone: http://yankees.io-media.com
O15 - Trusted Zone: http://www.ironrailings.net
O15 - Trusted Zone: http://www.isl-arch.com
O15 - Trusted Zone: http://www.islandincrete.com
O15 - Trusted Zone: http://www.italmasonry.com
O15 - Trusted Zone: http://www.jackarnold.com
O15 - Trusted Zone: http://*.jackarnold.com
O15 - Trusted Zone: http://www.jackarnoldblog.com
O15 - Trusted Zone: http://www.jackscafenj.com
O15 - Trusted Zone: http://*.jackscafenj.com
O15 - Trusted Zone: http://www.jalc.org
O15 - Trusted Zone: http://*.jamiesrestaurant.com
O15 - Trusted Zone: http://*.jandrcustomwoodworkinginc.com
O15 - Trusted Zone: http://www.janneau-usa.com
O15 - Trusted Zone: http://www.jayrosenblatt.com
O15 - Trusted Zone: http://*.jcarballo.com
O15 - Trusted Zone: http://www.jdwdesigns.com
O15 - Trusted Zone: http://www.jeandeve.ch
O15 - Trusted Zone: http://www.jeld-wen.com
O15 - Trusted Zone: http://www.jenkinsbrick.com
O15 - Trusted Zone: http://www.jennair.com
O15 - Trusted Zone: http://www.jerseyboysinfo.com
O15 - Trusted Zone: http://www.jilcowindow.com
O15 - Trusted Zone: http://*.jimhumble.biz
O15 - Trusted Zone: http://www.jintudesigns.com
O15 - Trusted Zone: http://www.jkinteriorsasid.com
O15 - Trusted Zone: http://forums.jlconline.com
O15 - Trusted Zone: http://www.jma-architects.com
O15 - Trusted Zone: http://www.jmhdesign.com
O15 - Trusted Zone: http://www.jmlifestyles.com
O15 - Trusted Zone: http://cookingclass.joanneweir.com
O15 - Trusted Zone: http://www.joetheartofcoffee.com
O15 - Trusted Zone: http://www.johnnyspizzeria.com
O15 - Trusted Zone: http://www.johnsonconstruct.com
O15 - Trusted Zone: http://*.jomacker.com
O15 - Trusted Zone: http://shop.joseph-watches.com
O15 - Trusted Zone: http://www.joseph-watches.com
O15 - Trusted Zone: http://www.jotul.com
O15 - Trusted Zone: http://www.jprwood.com
O15 - Trusted Zone: http://*.jptimepieces.com
O15 - Trusted Zone: http://www.jrarchitectsonline.com
O15 - Trusted Zone: http://*.jrarchitectsonline.com
O15 - Trusted Zone: http://*.jtarchitecturaldesign.com
O15 - Trusted Zone: http://*.judgespot.com
O15 - Trusted Zone: http://*.julesborel.com
O15 - Trusted Zone: http://www.jumesrestaurant.com
O15 - Trusted Zone: http://www.juniquedesigns.com
O15 - Trusted Zone: http://www.junketstudies.com
O15 - Trusted Zone: http://www.justanswer.com
O15 - Trusted Zone: http://www.juvenia.com
O15 - Trusted Zone: http://www.kaehlerarchitects.com
O15 - Trusted Zone: http://www.katrinellasbistro.com
O15 - Trusted Zone: http://www.katzdeli.com
O15 - Trusted Zone: http://www.kayak.com
O15 - Trusted Zone: http://www.kbinet.com
O15 - Trusted Zone: http://www.kenbauer.com
O15 - Trusted Zone: http://www.kennysmasonry.net
O15 - Trusted Zone: http://www.kerkythea.net
O15 - Trusted Zone: http://www.kichler.com
O15 - Trusted Zone: http://www.kingschosen.com
O15 - Trusted Zone: http://www.kingston.com
O15 - Trusted Zone: http://www.kitchen-kaboodle.com
O15 - Trusted Zone: http://*.kitchencreationsllc.com
O15 - Trusted Zone: http://www.kitchenmagic.com
O15 - Trusted Zone: http://www.kitchenplexny.com
O15 - Trusted Zone: http://www.kitchensandbaths.com
O15 - Trusted Zone: http://www.kittatinny.com
O15 - Trusted Zone: http://www.kmart.com
O15 - Trusted Zone: http://www.kodakgallery.com
O15 - Trusted Zone: http://www.koenigconstruction.com
O15 - Trusted Zone: http://www.kohler.com
O15 - Trusted Zone: http://www.us.kohler.com
O15 - Trusted Zone: http://www.kositalia.com
O15 - Trusted Zone: http://www.kqed.org
O15 - Trusted Zone: http://www.kraftfoods.com
O15 - Trusted Zone: http://www.ktaylorrenderings.com
O15 - Trusted Zone: http://www.kulickdevelopment.com
O15 - Trusted Zone: http://www.kurtskitchens.com
O15 - Trusted Zone: http://www.laidodesigns.com
O15 - Trusted Zone: http://*.lakesidefitnessclub.com
O15 - Trusted Zone: http://www.landacarpentry.com
O15 - Trusted Zone: http://www.landrysseafood.com
O15 - Trusted Zone: http://www.latexmattresscompany.com
O15 - Trusted Zone: http://*.latonas.com
O15 - Trusted Zone: http://www.laundry-alternative.com
O15 - Trusted Zone: http://*.lawrencevillebrick.com
O15 - Trusted Zone: http://www.lazarstucco.com
O15 - Trusted Zone: http://*.lazaruswilliamson.info
O15 - Trusted Zone: http://*.lbifoodies.com
O15 - Trusted Zone: http://*.lbiinns.com
O15 - Trusted Zone: http://www.lbinet.net
O15 - Trusted Zone: http://www.lbradyarch.com
O15 - Trusted Zone: http://www.lct.org
O15 - Trusted Zone: http://www.leaguelineup.com
O15 - Trusted Zone: http://www.leebrickonline.com
O15 - Trusted Zone: http://www.legendsgolf.com
O15 - Trusted Zone: http://www.lemuretusa.com
O15 - Trusted Zone: http://www.lesmala.net
O15 - Trusted Zone: http://www.letmewatchthis.com
O15 - Trusted Zone: http://www.lge.com
O15 - Trusted Zone: http://www.lhkdesign.com
O15 - Trusted Zone: http://www.libertyhouserestaurant.com
O15 - Trusted Zone: http://www.librouniversal.it
O15 - Trusted Zone: http://www.limeworks.us
O15 - Trusted Zone: http://www.limousineinnj.com
O15 - Trusted Zone: http://new.lincolncenter.org
O15 - Trusted Zone: http://www.lineworks.net
O15 - Trusted Zone: http://www.litrainternational.com
O15 - Trusted Zone: http://www.littlestoveshop.com
O15 - Trusted Zone: http://www.loefflersmeats.com
O15 - Trusted Zone: http://www.longines.com
O15 - Trusted Zone: http://www.lopistoves.com
O15 - Trusted Zone: http://www.lorijacobsendesign.com
O15 - Trusted Zone: http://www.lowes.com
O15 - Trusted Zone: http://www.lpbrickote.com
O15 - Trusted Zone: http://www.lpdecor.net
O15 - Trusted Zone: http://www.ltcgroups.com
O15 - Trusted Zone: http://www.ludoslate.com
O15 - Trusted Zone: http://www.ludowici.com
O15 - Trusted Zone: http://www.luigismyrtlebeach.com
O15 - Trusted Zone: http://www.luigiverga.it
O15 - Trusted Zone: http://www.lumetasolar.com
O15 - Trusted Zone: http://www.lunarstudio.com
O15 - Trusted Zone: http://www.lutron.com
O15 - Trusted Zone: http://www.luxuryportfolio.com
O15 - Trusted Zone: http://*.lynnronandesign.com
O15 - Trusted Zone: http://www.lyonnel.ch
O15 - Trusted Zone: http://store.m-audio.com
O15 - Trusted Zone: http://homepage.mac.com
O15 - Trusted Zone: http://web.mac.com
O15 - Trusted Zone: http://www.magnoliabakery.com
O15 - Trusted Zone: http://*.maitland-smith.com
O15 - Trusted Zone: http://www.makoac.com
O15 - Trusted Zone: http://www.malts.com
O15 - Trusted Zone: http://www.mangiatrattoriaonline.com
O15 - Trusted Zone: http://www.maplecraftusa.com
O15 - Trusted Zone: http://find.mapmuse.com
O15 - Trusted Zone: http://go.mappoint.net
O15 - Trusted Zone: http://www.mapquest.com
O15 - Trusted Zone: http://www.marble.com
O15 - Trusted Zone: http://www.mariapianyc.com
O15 - Trusted Zone: http://www.marinainnatgrandedunes.com
O15 - Trusted Zone: http://www.marketwatch.com
O15 - Trusted Zone: http://www.marriott.com
O15 - Trusted Zone: http://www.martindoor.com
O15 - Trusted Zone: http://www.martinsrestaurants.com
O15 - Trusted Zone: http://www.masasushiandgrill.com
O15 - Trusted Zone: http://www.masonite.com
O15 - Trusted Zone: http://*.masterkitchensandbaths.com
O15 - Trusted Zone: http://www.matthewbaininc.com
O15 - Trusted Zone: http://www.maverickcooking.com
O15 - Trusted Zone: http://w.mawebcenters.com
O15 - Trusted Zone: http://www.maxlightsystem.com
O15 - Trusted Zone: http://www.mbga.com
O15 - Trusted Zone: http://www.mbgolf.com
O15 - Trusted Zone: http://www.mbn.com
O15 - Trusted Zone: http://www.mbsun.com
O15 - Trusted Zone: http://www.mca-tile.com
O15 - Trusted Zone: http://www.mcalpineboothferrier.com
O15 - Trusted Zone: http://www.mcalpinetankersley.com
O15 - Trusted Zone: http://cep.mcdonalds.com
O15 - Trusted Zone: http://www.mcdonalds.com
O15 - Trusted Zone: http://www.mcitko.com
O15 - Trusted Zone: http://*.mcitko.com
O15 - Trusted Zone: http://www.mcnear.com
O15 - Trusted Zone: *.mcssl.com
O15 - Trusted Zone: http://*.mcwcarpentry.com
O15 - Trusted Zone: http://www.mdsarchitect.com
O15 - Trusted Zone: http://www.medusastonedesign.com
O15 - Trusted Zone: http://www.megamillions.com
O15 - Trusted Zone: http://www.melaragno.com
O15 - Trusted Zone: http://www.menutopia.com
O15 - Trusted Zone: http://www.merriam-webster.com
O15 - Trusted Zone: http://images.messagelabs.com
O15 - Trusted Zone: http://www.metacafe.com
O15 - Trusted Zone: http://www.metoperafamily.org
O15 - Trusted Zone: http://www.mevio.com
O15 - Trusted Zone: http://www.michaelmariotti.com
O15 - Trusted Zone: http://www.michaelnappa.com
O15 - Trusted Zone: http://www.michaelsmitharchitects.com
O15 - Trusted Zone: http://www.mickeymantles.com
O15 - Trusted Zone: http://www.midwesthomemag.com
O15 - Trusted Zone: http://www.mikeepsteinhitting.com
O15 - Trusted Zone: http://www.mikescigars.com
O15 - Trusted Zone: http://www.milfordpower.com
O15 - Trusted Zone: http://www.milkandcookiesbakery.com
O15 - Trusted Zone: http://www.miuragolf.com
O15 - Trusted Zone: http://baltimore.orioles.mlb.com
O15 - Trusted Zone: http://losangeles.angels.mlb.com
O15 - Trusted Zone: http://mlb.mlb.com
O15 - Trusted Zone: http://newyork.yankees.mlb.com
O15 - Trusted Zone: http://oakland.athletics.mlb.com
O15 - Trusted Zone: http://texas.rangers.mlb.com
O15 - Trusted Zone: http://www.mls.com
O15 - Trusted Zone: http://*.mmsanswers.com
O15 - Trusted Zone: http://www.mobilemastee.com
O15 - Trusted Zone: http://www.mochableu.com
O15 - Trusted Zone: http://www.modernmillwork.net
O15 - Trusted Zone: http://www.mohawkhouse.com
O15 - Trusted Zone: http://www.molteni.com
O15 - Trusted Zone: http://www.monogram.com
O15 - Trusted Zone: http://jobsearch.monster.com
O15 - Trusted Zone: http://www.monster.com
O15 - Trusted Zone: http://www.montorogroup.com
O15 - Trusted Zone: http://www.morellodesign.com
O15 - Trusted Zone: http://www.morganbuildersinc.com
O15 - Trusted Zone: http://www.morpurgoarchitects.com
O15 - Trusted Zone: http://www.mosnewyorkgrill.com
O15 - Trusted Zone: http://www.motion-space.com
O15 - Trusted Zone: http://www.motiongolf.com
O15 - Trusted Zone: http://www.mountvernonbaltimore.com
O15 - Trusted Zone: http://www.movoto.com
O15 - Trusted Zone: http://lifestyle.msn.com
O15 - Trusted Zone: http://www.murphywoodworking.com
O15 - Trusted Zone: http://www.mvpbaseballgear.com
O15 - Trusted Zone: http://www.mwcwatches.com
O15 - Trusted Zone: http://web3.mymartindoor.com
O15 - Trusted Zone: http://*.mymyrtlebeachvilla.com
O15 - Trusted Zone: http://www.myrtlebeach-golfpackage.com
O15 - Trusted Zone: http://*.myrtlebeachbarspecials.com
O15 - Trusted Zone: http://www.myrtlebeachcondorentals.com
O15 - Trusted Zone: http://www.myrtlebeachhappyhour.com
O15 - Trusted Zone: http://vids.myspace.com
O15 - Trusted Zone: http://www.myvideo.de
O15 - Trusted Zone: http://www.myxer.com
O15 - Trusted Zone: http://www.naomimezei.com
O15 - Trusted Zone: http://www.nashbrick.com
O15 - Trusted Zone: http://www.naturalhomes.org
O15 - Trusted Zone: http://*.navteq.com
O15 - Trusted Zone: http://www.nawkaw.com
O15 - Trusted Zone: http://wrigley.nba.com
O15 - Trusted Zone: http://www.nba.com
O15 - Trusted Zone: http://www.ncaa.com
O15 - Trusted Zone: http://www.ncma.org
O15 - Trusted Zone: http://www.nealsdeli.com
O15 - Trusted Zone: http://www.neelawoodard.com
O15 - Trusted Zone: http://www.neffkitchens.com
O15 - Trusted Zone: http://nestor6.nespresso.com
O15 - Trusted Zone: http://www.nespresso.com
O15 - Trusted Zone: http://www1.nespresso.com
O15 - Trusted Zone: http://tbmoch1.net84.net
O15 - Trusted Zone: http://www.networksolutions.com
O15 - Trusted Zone: http://www.newbalance.com
O15 - Trusted Zone: http://*.newjerseyfalcons.com
O15 - Trusted Zone: http://www.nfl.com
O15 - Trusted Zone: http://devils.nhl.com
O15 - Trusted Zone: http://www.nicklausgolf.com
O15 - Trusted Zone: http://niketown.nike.com
O15 - Trusted Zone: http://store.nike.com
O15 - Trusted Zone: http://highschoolsports.nj.com
O15 - Trusted Zone: http://www.njba.org
O15 - Trusted Zone: http://www.njcustomgolf.com
O15 - Trusted Zone: http://www.njmls.com
O15 - Trusted Zone: http://www.njpac.org
O15 - Trusted Zone: http://mail.njrealestate.com
O15 - Trusted Zone: http://www.njrenderings.com
O15 - Trusted Zone: http://www.njrocz.net
O15 - Trusted Zone: http://www.njsymphony.org
O15 - Trusted Zone: http://www.njtransit.com
O15 - Trusted Zone: http://www.nordpeis.com
O15 - Trusted Zone: http://shop.nordstrom.com
O15 - Trusted Zone: http://www.normanaskins.com
O15 - Trusted Zone: http://www.northernrooftiles.com
O15 - Trusted Zone: http://www.northjersey.com
O15 - Trusted Zone: http://www.northjerseycc.com
O15 - Trusted Zone: http://www.northsidedesign.com
O15 - Trusted Zone: http://www.novogolf.com
O15 - Trusted Zone: http://www.ncptt.nps.gov
O15 - Trusted Zone: http://*.nrange.com
O15 - Trusted Zone: http://www.nutritiondata.com
O15 - Trusted Zone: http://www.nutritionwholesalers.com
O15 - Trusted Zone: http://www.nuzziarchitects.com
O15 - Trusted Zone: http://www.nwdbonline.com
O15 - Trusted Zone: http://www.nyc.gov
O15 - Trusted Zone: http://www.nycballet.com
O15 - Trusted Zone: http://www.nycopera.com
O15 - Trusted Zone: http://www.nycountryclub.com
O15 - Trusted Zone: http://www.nycwineandfoodfestival.com
O15 - Trusted Zone: http://www.nyg2010.com
O15 - Trusted Zone: http://www.nynjbrick.com
O15 - Trusted Zone: http://www.nywoodwork.com
O15 - Trusted Zone: http://www.oaklandschoolsnj.org
O15 - Trusted Zone: http://www.oakley.com
O15 - Trusted Zone: http://www.oldhousejournal.com
O15 - Trusted Zone: http://www.omegawatches.com
O15 - Trusted Zone: http://dangilligan.onbaseball.com
O15 - Trusted Zone: http://s245280237.onlinehome.us
O15 - Trusted Zone: http://www.opentable.com
O15 - Trusted Zone: http://www.opertuneus.com
O15 - Trusted Zone: http://*.optimum.com
O15 - Trusted Zone: http://tvlistings.optimum.net
O15 - Trusted Zone: http://www.optimum.net
O15 - Trusted Zone: http://www.optimumrewards.com
O15 - Trusted Zone: http://*.optimumrewards.com
O15 - Trusted Zone: http://www.optionmarketmentor.com
O15 - Trusted Zone: http://www.orangewatchcompany.com
O15 - Trusted Zone: http://www.originalbenjamins.com
O15 - Trusted Zone: http://www.originalhome.com
O15 - Trusted Zone: http://www.originthai.com
O15 - Trusted Zone: http://www.ornatus-mundi.ch
O15 - Trusted Zone: http://*.orrstreeservice.com
O15 - Trusted Zone: http://www.ottofrei.com
O15 - Trusted Zone: http://www.ottopizzeria.com
O15 - Trusted Zone: http://www.overstock.com
O15 - Trusted Zone: http://www.ozermarblegroup.com
O15 - Trusted Zone: http://www.palimeworks.com
O15 - Trusted Zone: http://www.palmettobrick.com
O15 - Trusted Zone: http://www.palmettopig.com
O15 - Trusted Zone: http://www.pandora.com
O15 - Trusted Zone: http://www.papistexicangrill.com
O15 - Trusted Zone: http://www.papyrushomedesign.com
O15 - Trusted Zone: http://*.paragonfcu.org
O15 - Trusted Zone: http://www.parkandorchard.com
O15 - Trusted Zone: http://www.parkavenuebargrill.com
O15 - Trusted Zone: http://www.parking.com
O15 - Trusted Zone: http://blog.parkinsonbuildinggroup.com
O15 - Trusted Zone: http://wyckoff.patch.com
O15 - Trusted Zone: http://www.patrickahearn.com
O15 - Trusted Zone: http://www.patsyspizzeriany.com
O15 - Trusted Zone: *.pb.com
O15 - Trusted Zone: http://www.pbsnationwide.com
O15 - Trusted Zone: http://www.pdmarlow.com
O15 - Trusted Zone: http://www.peabodycourthotel.com
O15 - Trusted Zone: http://www.pella.com
O15 - Trusted Zone: http://www.period-homes.com
O15 - Trusted Zone: http://www.permatint.com
O15 - Trusted Zone: http://www.perr.com
O15 - Trusted Zone: http://www.petergisolfiassociates.com
O15 - Trusted Zone: http://www.pga.com
O15 - Trusted Zone: http://www.pgatour.com
O15 - Trusted Zone: http://www.pharranderson.com
O15 - Trusted Zone: http://www.phelpsrefinishing.com
O15 - Trusted Zone: http://*.phi7.com
O15 - Trusted Zone: http://*.phoneclaim.com
O15 - Trusted Zone: http://s128.photobucket.com
O15 - Trusted Zone: http://s251.photobucket.com
O15 - Trusted Zone: http://www.majorleaguephotos.photostockplus.com
O15 - Trusted Zone: http://www.piccolonjrestaurant.com
O15 - Trusted Zone: http://*.piccolopetesrestaurant.net
O15 - Trusted Zone: http://www.picnicrestaurant.com
O15 - Trusted Zone: http://www.pinehallbrick.com
O15 - Trusted Zone: http://www.pinehurst.com
O15 - Trusted Zone: http://www.pktarchitecture.com
O15 - Trusted Zone: http://www.plainfancycabinetry.com
O15 - Trusted Zone: http://*.plainfancypr.com
O15 - Trusted Zone: http://*.planetpsa.com
O15 - Trusted Zone: http://www.plantnj.com
O15 - Trusted Zone: http://www.plantpros4u.com
O15 - Trusted Zone: http://www.platowoodwork.com
O15 - Trusted Zone: http://www.playmyrtlebeach.com
O15 - Trusted Zone: http://www.pmhdesignbuild.com
O15 - Trusted Zone: http://www.poggenpohl-usa.com
O15 - Trusted Zone: http://www.polomainc.com
O15 - Trusted Zone: http://www.portolapaints.com
O15 - Trusted Zone: http://www.posen.com
O15 - Trusted Zone: http://www.postranchinn.com
O15 - Trusted Zone: http://www.potterybarn.com
O15 - Trusted Zone: http://www.poultry.com
O15 - Trusted Zone: http://*.precisiontimeco.com
O15 - Trusted Zone: http://*.preservationworks.us
O15 - Trusted Zone: http://www.pricegrabber.com
O15 - Trusted Zone: http://www.primetimetoys.com
O15 - Trusted Zone: http://www.primogrill.com
O15 - Trusted Zone: http://www.pro-builthomes.com
O15 - Trusted Zone: http://germanwatch.proboards.com
O15 - Trusted Zone: http://*.projectobject.com
O15 - Trusted Zone: http://*.psaia.com
O15 - Trusted Zone: http://www.engr.psu.edu
O15 - Trusted Zone: http://2019390644.pubcrawler.com
O15 - Trusted Zone: http://www.puff.com
O15 - Trusted Zone: http://www.punchsoftware.com
O15 - Trusted Zone: http://www.puroexpress.com
O15 - Trusted Zone: http://www.pursleyarchitecture.com
O15 - Trusted Zone: http://www.quadrafire.com
O15 - Trusted Zone: http://www.queenannewine.com
O15 - Trusted Zone: http://www.quintasteakhouse.com
O15 - Trusted Zone: http://www.raccini.com
O15 - Trusted Zone: http://www.rachaelrayshow.com
O15 - Trusted Zone: http://www.raddes.com
O15 - Trusted Zone: http://*.radio.com
O15 - Trusted Zone: http://www.radioguide.fm
O15 - Trusted Zone: http://*.radiotime.com
O15 - Trusted Zone: http://www.raffimax.com
O15 - Trusted Zone: http://www.rahulnair.net
O15 - Trusted Zone: http://www.raic.org
O15 - Trusted Zone: http://www.rangecraft.com
O15 - Trusted Zone: http://*.raredesignsonline.com
O15 - Trusted Zone: http://www.ravenwood.biz
O15 - Trusted Zone: http://www.rcc1890.com
O15 - Trusted Zone: http://*.rdirail.com
O15 - Trusted Zone: http://www.rdkarch.com
O15 - Trusted Zone: http://stonedoctorusa.reachlocal.com
O15 - Trusted Zone: http://www.real-visuals.com
O15 - Trusted Zone: http://www.realestateshows.com
O15 - Trusted Zone: http://members.realitykings.com
O15 - Trusted Zone: http://www.realpageslive.com
O15 - Trusted Zone: http://www.redlandbrick.com
O15 - Trusted Zone: http://www.redlandclaytile.com
O15 - Trusted Zone: http://*.redlandclaytile.com
O15 - Trusted Zone: http://*.rehkamplarson.com
O15 - Trusted Zone: http://www.remedialbuilders.com.au
O15 - Trusted Zone: http://www.renaissanceconservatories.com
O15 - Trusted Zone: http://www.renderinghouse.com
O15 - Trusted Zone: http://*.renderinghouse.com
O15 - Trusted Zone: http://www.renderit.cc
O15 - Trusted Zone: http://www.renovate.com.au
O15 - Trusted Zone: http://www.residentialarchitect.com
O15 - Trusted Zone: http://www.restaurant.com
O15 - Trusted Zone: http://www.restaurantdepot.com
O15 - Trusted Zone: http://www.restaurantlnj.com
O15 - Trusted Zone: http://www.restaurantnicholas.com
O15 - Trusted Zone: http://www.reuters.com
O15 - Trusted Zone: http://www.rih.org
O15 - Trusted Zone: http://www.rivercitycafe.com
O15 - Trusted Zone: http://www.rjslandtree.com
O15 - Trusted Zone: http://www.rlsatlanta.com
O15 - Trusted Zone: http://www.rmgstone.com
O15 - Trusted Zone: http://www.rms-construction.com
O15 - Trusted Zone: http://www.rms-design.com
O15 - Trusted Zone: http://www.rmsdesigngroup.com
O15 - Trusted Zone: http://*.robertamittman.com
O15 - Trusted Zone: http://www.robertjulian.com
O15 - Trusted Zone: http://www.robertnewelllightingdesign.com
O15 - Trusted Zone: http://www.robertsbrickmortar.com
O15 - Trusted Zone: http://*.robertsbrickmortar.com
O15 - Trusted Zone: http://www.robinsonbrick.com
O15 - Trusted Zone: http://*.robsbistro.com
O15 - Trusted Zone: http://*.rocklandkitchendesign.com
O15 - Trusted Zone: http://www.rodssteak.com
O15 - Trusted Zone: http://www.roguevalleydoor.com
O15 - Trusted Zone: http://www.rolex.com
O15 - Trusted Zone: http://www.rollnroaster.com
O15 - Trusted Zone: http://www.ronnathaninteriors.com
O15 - Trusted Zone: http://www.roofingchildsplay.com
O15 - Trusted Zone: http://www.roosports.com
O15 - Trusted Zone: http://*.rootssteakhouse.com
O15 - Trusted Zone: http://www.ross-simons.com
O15 - Trusted Zone: http://www.roundtowerlime.com
O15 - Trusted Zone: http://www.royalwarsaw.com
O15 - Trusted Zone: http://www.royandsids.com
O15 - Trusted Zone: http://www.rrbuilders.com
O15 - Trusted Zone: http://tmrassociates.rtrk.com
O15 - Trusted Zone: http://*.russellversaci.com
O15 - Trusted Zone: http://www.ruttoflosaltos.com
O15 - Trusted Zone: http://www.ryandeyer.com
O15 - Trusted Zone: http://*.salernoskitchens.com
O15 - Trusted Zone: http://www.saltcreekcafe.com
O15 - Trusted Zone: http://*.san-marcousa.com
O15 - Trusted Zone: http://*.sandisk.com
O15 - Trusted Zone: http://www.santambroeus.com
O15 - Trusted Zone: http://www.sargarch.com
O15 - Trusted Zone: http://www.saulrestaurant.com
O15 - Trusted Zone: http://www.savvyrest.com
O15 - Trusted Zone: http://*.sawhaven.com
O15 - Trusted Zone: http://www.sba.gov
O15 - Trusted Zone: http://*.sbinteriordesign.net
O15 - Trusted Zone: http://www.scalinifedeli.com
O15 - Trusted Zone: http://www.schopferassociates.com
O15 - Trusted Zone: http://www.scottpillingphoto.com
O15 - Trusted Zone: http://www.scratch-b-gone.com
O15 - Trusted Zone: http://www.scribd.com
O15 - Trusted Zone: http://www.sdfileupload.com
O15 - Trusted Zone: http://www.seacaptains.com
O15 - Trusted Zone: http://www.seaisland.com
O15 - Trusted Zone: http://www.seaoaksgolf.com
O15 - Trusted Zone: http://www.searchtempest.com
O15 - Trusted Zone: http://www.sears.com
O15 - Trusted Zone: http://www.seatadvisor.com
O15 - Trusted Zone: http://www.segoviasteakhouse.com
O15 - Trusted Zone: http://nutritiondata.self.com
O15 - Trusted Zone: http://www.self.com
O15 - Trusted Zone: http://www.septicexperts.com
O15 - Trusted Zone: http://www.serta.com
O15 - Trusted Zone: http://www.shadefxcanopies.com
O15 - Trusted Zone: http://www.shadetreecanopies.com
O15 - Trusted Zone: http://*.shapiroandco.com
O15 - Trusted Zone: http://www.sharpusa.com
O15 - Trusted Zone: http://www.shawbrick.ca
O15 - Trusted Zone: http://*.sheldonslate.com
O15 - Trusted Zone: http://www.shoesave.com
O15 - Trusted Zone: http://lowes.shoplocal.com
O15 - Trusted Zone: http://macys.shoplocal.com
O15 - Trusted Zone: http://sportsauthority.shoplocal.com
O15 - Trusted Zone: http://www.shoppersvineyard.com
O15 - Trusted Zone: http://www.shoprado.us
O15 - Trusted Zone: http://www.shoresummerrentals.com
O15 - Trusted Zone: http://share.shutterfly.com
O15 - Trusted Zone: http://whitewashedbrickcolonial.shutterfly.com
O15 - Trusted Zone: http://www.shutterfly.com
O15 - Trusted Zone: http://www.siematic.com
O15 - Trusted Zone: http://www.signaturecab.com
O15 - Trusted Zone: http://www.signaturekitchensinc.com
O15 - Trusted Zone: http://www.simplyadditions.com
O15 - Trusted Zone: http://www.sleightconservation.co.uk
O15 - Trusted Zone: http://www.slideshare.net
O15 - Trusted Zone: http://accuraty.slideshowpro.com
O15 - Trusted Zone: http://secure.smilebox.com
O15 - Trusted Zone: http://www.smithmaran.com
O15 - Trusted Zone: http://www.snaidero-usa.com
O15 - Trusted Zone: http://www5.snapfish.com
O15 - Trusted Zone: http://*.sns-arch-eng.com
O15 - Trusted Zone: http://www.solarcentury.co.uk
O15 - Trusted Zone: http://*.soledadpregoni.com
O15 - Trusted Zone: http://www.sonyclassics.com
O15 - Trusted Zone: http://*.sorrentoristorante.net
O15 - Trusted Zone: http://www.sortwizard.com
O15 - Trusted Zone: http://www.sosaborella.com
O15 - Trusted Zone: http://catalogue.sothebys.com
O15 - Trusted Zone: http://www.southcitygroup.net
O15 - Trusted Zone: http://www.southernaccents.com
O15 - Trusted Zone: http://www.southernshutter.com
O15 - Trusted Zone: http://*.southview-modular-homes.com
O15 - Trusted Zone: http://*.specfindesigns.com
O15 - Trusted Zone: http://www.spine3d.com
O15 - Trusted Zone: http://www.spinnakersreach.com
O15 - Trusted Zone: http://www.spiritair.com
O15 - Trusted Zone: http://www.sports-u.com
O15 - Trusted Zone: http://www.sportsauthority.com
O15 - Trusted Zone: http://mysprint.sprint.com
O15 - Trusted Zone: http://now.sprint.com
O15 - Trusted Zone: http://premier.sprint.com
O15 - Trusted Zone: http://search.sprint.com
O15 - Trusted Zone: http://shop.sprint.com
O15 - Trusted Zone: http://sports.sprint.com
O15 - Trusted Zone: http://support.sprint.com
O15 - Trusted Zone: http://www.sprint.com
O15 - Trusted Zone: http://gatoradeperformance.stack.com
O15 - Trusted Zone: http://www.stanleyfurniture.com
O15 - Trusted Zone: http://www.startavern.net
O15 - Trusted Zone: http://www.state.nj.us
O15 - Trusted Zone: http://www.staubhomeinspection.com
O15 - Trusted Zone: http://www.stephenfuller.com
O15 - Trusted Zone: http://www.stickley.com
O15 - Trusted Zone: http://www.stockmarketmentor.com
O15 - Trusted Zone: http://www.stokleyinteriors.com
O15 - Trusted Zone: http://www.stonecraft.ca
O15 - Trusted Zone: http://www.stonenz.co.nz
O15 - Trusted Zone: http://www.stonesurfacesinc.net
O15 - Trusted Zone: http://www.stonesurfacesnj.com
O15 - Trusted Zone: http://www.stonetownconstruction.com
O15 - Trusted Zone: http://www.storybookhomes.biz
O15 - Trusted Zone: http://www.stovesonline.co.uk
O15 - Trusted Zone: http://members.streetblowjobs.com
O15 - Trusted Zone: http://www.streetblowjobs.com
O15 - Trusted Zone: http://www.stubhub.com
O15 - Trusted Zone: http://www.stucco-as-art.com
O15 - Trusted Zone: http://www.studio5p-architects.com
O15 - Trusted Zone: http://www.studiobecker.com
O15 - Trusted Zone: http://www.studiorendering.com
O15 - Trusted Zone: http://www.studioscotland.com
O15 - Trusted Zone: http://www.stuller.com
O15 - Trusted Zone: http://www.subzero.com
O15 - Trusted Zone: http://www.summerour.net
O15 - Trusted Zone: http://www.summerwood.com
O15 - Trusted Zone: http://www.sunbeltrentals.com
O15 - Trusted Zone: http://us.sunpowercorp.com
O15 - Trusted Zone: http://www.superjetdrains.com
O15 - Trusted Zone: http://www.superpages.com
O15 - Trusted Zone: http://yellowpages.superpages.com
O15 - Trusted Zone: http://www.supraekey.com
O15 - Trusted Zone: http://www.surftiva.com
O15 - Trusted Zone: http://www.susanpalmerdesigns.com
O15 - Trusted Zone: http://www.sushilounge.com
O15 - Trusted Zone: http://www.swansondonahue.com
O15 - Trusted Zone: http://www.swarovski.com
O15 - Trusted Zone: http://clopayhd.swatchbox.com
O15 - Trusted Zone: http://www.swisspost-gls.ch
O15 - Trusted Zone: http://www.swisspost.ch
O15 - Trusted Zone: http://meridiist.tagheuer.com
O15 - Trusted Zone: http://www.talkofthetownvideo.com
O15 - Trusted Zone: http://www.tallysconstruction.com
O15 - Trusted Zone: http://*.tallysconstruction.com
O15 - Trusted Zone: http://www.tallysystem.com
O15 - Trusted Zone: http://www.tamko.com
O15 - Trusted Zone: http://www.tandchome.com
O15 - Trusted Zone: http://www.tangram3ds.com
O15 - Trusted Zone: http://www.targethomespa.com
O15 - Trusted Zone: http://www.tarrylodge.com
O15 - Trusted Zone: http://www.taylormadegolf.com
O15 - Trusted Zone: http://support.tbs.com
O15 - Trusted Zone: http://www.tbs.com
O15 - Trusted Zone: http://www.tdameritrade.com
O15 - Trusted Zone: http://www.teaktubs.com
O15 - Trusted Zone: http://www.teelbaseball.com
O15 - Trusted Zone: http://www.terraclad.com
O15 - Trusted Zone: http://www.terreal.co.uk
O15 - Trusted Zone: http://www.tessgiuliani.com
O15 - Trusted Zone: http://www.texcote.com
O15 - Trusted Zone: http://www.tgh.com.au
O15 - Trusted Zone: http://www.thatchermcghees.com
O15 - Trusted Zone: http://www.thathomesite.com
O15 - Trusted Zone: http://*.thearchgroup.com
O15 - Trusted Zone: http://www.thebarclaysgolf.com
O15 - Trusted Zone: http://www.thebrickhousewyckoff.com
O15 - Trusted Zone: http://www.thebrickpainters.com
O15 - Trusted Zone: http://www.theburgerdeluxe.com
O15 - Trusted Zone: http://www.thechesapeakehouse.com
O15 - Trusted Zone: http://www.thedailyshow.com
O15 - Trusted Zone: http://www.thedunesclub.net
O15 - Trusted Zone: http://www.thefrugalconnoisseurs.com
O15 - Trusted Zone: http://www.thegarden.com
O15 - Trusted Zone: http://*.thegrandevillas.com
O15 - Trusted Zone: http://www.thehammerandnail.com
O15 - Trusted Zone: http://www.thekitchendesigner.org
O15 - Trusted Zone: http://www.themasterstroke.com
O15 - Trusted Zone: http://www.themcdermottgroup.com
O15 - Trusted Zone: http://www.themeatballshop.com
O15 - Trusted Zone: http://www.themetalpeddler.com
O15 - Trusted Zone: http://*.thenextweb.com
O15 - Trusted Zone: http://www.thenoizyoyster.com
O15 - Trusted Zone: http://*.theoaklandjournal.com
O15 - Trusted Zone: http://www.thepit-raleigh.com
O15 - Trusted Zone: http://www.theredcat.com
O15 - Trusted Zone: http://www.therestaurant.net
O15 - Trusted Zone: http://www.thermoworks.com
O15 - Trusted Zone: http://www.thespottedpig.com
O15 - Trusted Zone: http://www.thestablerestaurant.com
O15 - Trusted Zone: http://secure2.thestreet.com
O15 - Trusted Zone: http://www.thestreet.com
O15 - Trusted Zone: http://*.theworldtourgolf.com
O15 - Trusted Zone: http://www.thingsthatinspire.net
O15 - Trusted Zone: http://www.thinkingxxx.com
O15 - Trusted Zone: http://www.thismanslife.co.uk
O15 - Trusted Zone: http://www.thumanns.com
O15 - Trusted Zone: http://purchase.tickets.com
O15 - Trusted Zone: http://*.timerestoration.com
O15 - Trusted Zone: http://www.tischlerhaus.com
O15 - Trusted Zone: http://www.tmrassociates.com
O15 - Trusted Zone: http://*.toddlent.com
O15 - Trusted Zone: http://www.totalfootballstats.com
O15 - Trusted Zone: http://www.totousa.com
O15 - Trusted Zone: http://tours.tourfactory.com
O15 - Trusted Zone: http://*.tpcgolfpackages.com
O15 - Trusted Zone: http://www.tpcrealestate.com
O15 - Trusted Zone: http://www.trademarkinteriors.com
O15 - Trusted Zone: http://www.tradervics.com
O15 - Trusted Zone: http://www.tradingeveryday.com
O15 - Trusted Zone: http://www.traditional-building.com
O15 - Trusted Zone: http://www.traffic.com
O15 - Trusted Zone: http://travel.travelocity.com
O15 - Trusted Zone: http://www.travelocity.com
O15 - Trusted Zone: http://www.trescointernational.com
O15 - Trusted Zone: http://www.tresserra.com
O15 - Trusted Zone: http://www.trianglebrick.com
O15 - Trusted Zone: http://www.triarchinc.com
O15 - Trusted Zone: http://www.tricarico.com
O15 - Trusted Zone: http://www.trimline-products.com
O15 - Trusted Zone: http://*.troweltech.com
O15 - Trusted Zone: http://www.trulia.com
O15 - Trusted Zone: http://www.tryonsheavyhauling.com
O15 - Trusted Zone: http://www.trytofollow.com
O15 - Trusted Zone: http://www.tscdesign.com
O15 - Trusted Zone: http://www.tullipanhomes.com.au
O15 - Trusted Zone: http://www.turbochef.com
O15 - Trusted Zone: http://www.tuttapastany.com
O15 - Trusted Zone: http://www.tvfoodmaps.com
O15 - Trusted Zone: http://*.tvmov.net
O15 - Trusted Zone: http://*.twisterchasers.com
O15 - Trusted Zone: http://*.twitter.com
O15 - Trusted Zone: http://*.txauction.com
O15 - Trusted Zone: http://www.tylarkins.com
O15 - Trusted Zone: http://stucco.typepad.com
O15 - Trusted Zone: http://www.ubuildit.com
O15 - Trusted Zone: http://www.uhc.com
O15 - Trusted Zone: http://www.uhny.com
O15 - Trusted Zone: http://www.ulrichkitchens.com
O15 - Trusted Zone: http://www.ultimatecaliforniapizza.com
O15 - Trusted Zone: http://www.umeyasushi.com
O15 - Trusted Zone: http://*.unclejacks.com
O15 - Trusted Zone: http://www.unclewills.com
O15 - Trusted Zone: http://www.underarmour.com
O15 - Trusted Zone: http://www.unionporkstore.com
O15 - Trusted Zone: http://www.unitedsub.com
O15 - Trusted Zone: http://www.universal.ch
O15 - Trusted Zone: http://*.upstateframing.com
O15 - Trusted Zone: http://shop.us-appliance.com
O15 - Trusted Zone: http://www.usps.com
O15 - Trusted Zone: http://www.ustile.com
O15 - Trusted Zone: http://www.vacationrentals.com
O15 - Trusted Zone: http://www.vacationrentalsad.com
O15 - Trusted Zone: http://www.valleywineandspirits.com
O15 - Trusted Zone: http://www.valuengine.com
O15 - Trusted Zone: http://www.vbaras.com
O15 - Trusted Zone: http://www.vbarchitecture.com
O15 - Trusted Zone: http://*.veehd.com
O15 - Trusted Zone: http://www.velocitysp.com
O15 - Trusted Zone: http://www.velux.co.uk
O15 - Trusted Zone: http://www.veluxusa.com
O15 - Trusted Zone: http://cache.vendaria.com
O15 - Trusted Zone: http://www.verandainteriors.it
O15 - Trusted Zone: http://*.verizon.com
O15 - Trusted Zone: http://products.verizonwireless.com
O15 - Trusted Zone: http://www.verizonwireless.com
O15 - Trusted Zone: http://www.vermontcastings.com
O15 - Trusted Zone: http://*.vickishomestyling.com
O15 - Trusted Zone: http://www.videosurf.com
O15 - Trusted Zone: http://www.vikingrange.com
O15 - Trusted Zone: http://hoboken.villagepourhouse.com
O15 - Trusted Zone: http://*.vimeo.com
O15 - Trusted Zone: http://www.vintage-watch.net
O15 - Trusted Zone: http://www.vintagebrick.ca
O15 - Trusted Zone: http://*.vintagegrapesclothier.com
O15 - Trusted Zone: http://www.vintageseekers.com
O15 - Trusted Zone: http://www.virtualrenderings.com
O15 - Trusted Zone: http://www.visbeenconstruction.com
O15 - Trusted Zone: http://www.visionsinplaster.com
O15 - Trusted Zone: http://www.visitdirectair.com
O15 - Trusted Zone: http://www.visualizationstudio.com
O15 - Trusted Zone: http://www.vjmarchitecture.com
O15 - Trusted Zone: http://*.vpa.com
O15 - Trusted Zone: http://consumer.wahl.com
O15 - Trusted Zone: http://www.wahlpro.com
O15 - Trusted Zone: http://www.wainscotinglongisland.com
O15 - Trusted Zone: http://www.wainscotsolutions.com
O15 - Trusted Zone: http://blog.wainscotsolutions.net
O15 - Trusted Zone: http://www.waldroninteriors.com
O15 - Trusted Zone: http://www.walkerbrock.com
O15 - Trusted Zone: http://www.walmart.com
O15 - Trusted Zone: http://www.wamuatmsg.com
O15 - Trusted Zone: http://www.washingtonspaces.com
O15 - Trusted Zone: http://www.watchco.com.au
O15 - Trusted Zone: http://www.watchdialrestoration.com
O15 - Trusted Zone: http://www.watchmakers.com
O15 - Trusted Zone: http://www.watchnet.com
O15 - Trusted Zone: http://*.watchnetwork.net
O15 - Trusted Zone: http://www.watchpartsdistributors.com
O15 - Trusted Zone: http://www.watchtoolscn.com
O15 - Trusted Zone: http://*.watchtoolscn.com
O15 - Trusted Zone: http://forums.watchuseek.com
O15 - Trusted Zone: http://www.watsontownbrick.com
O15 - Trusted Zone: http://www.wayne-dalton.com
O15 - Trusted Zone: http://www.wdwilliamsconstruction.com
O15 - Trusted Zone: http://preview.weather.com
O15 - Trusted Zone: http://www.weather.com
O15 - Trusted Zone: http://www.live.jlc.webcollage.net
O15 - Trusted Zone: http://www.weber.com
O15 - Trusted Zone: http://family.webshots.com
O15 - Trusted Zone: http://home-and-garden.webshots.com
O15 - Trusted Zone: http://rides.webshots.com
O15 - Trusted Zone: http://travel.webshots.com
O15 - Trusted Zone: http://www.weeklyadcirculars.com
O15 - Trusted Zone: http://www.wegmans.com
O15 - Trusted Zone: http://www.weidnerdesignassociates.com
O15 - Trusted Zone: http://*.weiksner.com
O15 - Trusted Zone: http://www.weissgerbers.com
O15 - Trusted Zone: http://www.wennerstendesign.com
O15 - Trusted Zone: http://www.weskcm.com
O15 - Trusted Zone: http://www.wesketch.com
O15 - Trusted Zone: http://*.wesketch.com
O15 - Trusted Zone: http://www.weskinteriors.com
O15 - Trusted Zone: http://www.westchester-modular.com
O15 - Trusted Zone: http://www.westnewyorkrestoration.com
O15 - Trusted Zone: http://www.wheretofindparking.com
O15 - Trusted Zone: http://www.whitecastle.com
O15 - Trusted Zone: http://www.wickedlasers.com
O15 - Trusted Zone: http://www.wikihow.com
O15 - Trusted Zone: http://www.wikinvest.com
O15 - Trusted Zone: http://en.wikipedia.org
O15 - Trusted Zone: http://www.willowbrookgolfcenter.com
O15 - Trusted Zone: http://www.wilsonshomeimprovement.com
O15 - Trusted Zone: http://*.wilsonshomeimprovementco.com
O15 - Trusted Zone: http://www.windsorconstructiongroup.com
O15 - Trusted Zone: http://*.windstar-windows.com
O15 - Trusted Zone: http://www.wjmarchitect.com
O15 - Trusted Zone: http://*.wn.com
O15 - Trusted Zone: http://www.wolfappliance.com
O15 - Trusted Zone: http://*.wolfgangssteakhouse.com
O15 - Trusted Zone: http://*.wolfrangehood.com
O15 - Trusted Zone: http://www.wolfsingerdesign.com
O15 - Trusted Zone: http://www.wonderhowto.com
O15 - Trusted Zone: http://www.wood-mode.com
O15 - Trusted Zone: http://www.woodburycement.com
O15 - Trusted Zone: http://*.woodchicksbbq.com
O15 - Trusted Zone: http://*.woodlandfurniture.com
O15 - Trusted Zone: http://www.woodstonehome.com
O15 - Trusted Zone: http://www.woodworkersworkshop.com
O15 - Trusted Zone: http://allbowerpower.wordpress.com
O15 - Trusted Zone: http://*.worldharbors.com
O15 - Trusted Zone: http://www.worstpizza.com
O15 - Trusted Zone: http://www.wow-coupons.com
O15 - Trusted Zone: http://www.wtbaker.com
O15 - Trusted Zone: http://www.wwe.com
O15 - Trusted Zone: http://njmls.xmlsweb.com
O15 - Trusted Zone: http://www.priv.njmls.xmlsweb.com
O15 - Trusted Zone: http://video.xnxx.com
O15 - Trusted Zone: http://www.xtranormal.com
O15 - Trusted Zone: http://us-dc1-order.store.yahoo.net
O15 - Trusted Zone: http://for-sale.yakaz.com
O15 - Trusted Zone: http://www.yardbarker.com
O15 - Trusted Zone: http://www.yardscapesinc.com
O15 - Trusted Zone: http://www.yelp.com
O15 - Trusted Zone: http://www.ymderazi.com
O15 - Trusted Zone: http://www.youngsvillecustomkitchens.com
O15 - Trusted Zone: http://www.yourgolfpackage.com
O15 - Trusted Zone: http://www.yourworldproductions.com
O15 - Trusted Zone: http://www.youtube.com
O15 - Trusted Zone: http://www.yukon-eagle.com
O15 - Trusted Zone: http://www.yzdesignatrium.com
O15 - Trusted Zone: http://www.zafrakitchens.com
O15 - Trusted Zone: http://www.zagat.com
O15 - Trusted Zone: http://www.zampolin.com
O15 - Trusted Zone: http://www.zappa.com
O15 - Trusted Zone: http://www.zappos.com
O15 - Trusted Zone: http://www.zillow.com
O15 - Trusted Zone: http://www.zolatone.com
O15 - Trusted Zone: http://www.zonefirst.com
O15 - Trusted Zone: http://www.zplusarchitects.com
O15 - Trusted IP range: http://74.127.63.18
O15 - Trusted IP range: http://68.142.224.176
O15 - Trusted IP range: http://95.64.111.32
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...nAxControl.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1162560464500
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 77650 bytes

[Jintan]

Hello again jdidonato,

The only questionable items in this log are all those websites placed in your IE Trusted Zones. Assuming you did not add all those, I will provide the means of removing them, if needed. But let's also get a more detailed look at things.


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------------

Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of those "O15 - Trusted Zone" listings, then select “Fix Checked”, and close HijackThis.

---------------

Download DDS by sUBs from one of the following links. Save it to your desktop.

DDS.scr
DDS.pif

Then click that to run the scan. A window will open while the scan runs, and when it completes two logs will open in Notepad - DDS.txt and Attach.txt. An additional message box will open that you can just X close.

Save those two log files to your desktop (go to File - Save As and browse to your desktop to save each), then post both of them back here please.


--------------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once it's opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-------------

Also download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\

mbr.exe -t

Then type exit and press Enter to close the command window.

The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.

A lot of posting, but a good comprehensive look at things there.

[jdidonato]

Thank you, Jintan. It's my third time back and 2nd time for this computer. I remain grateful your assistance.

The computer crashed with a blue screen during gmer referencing win32k.sys. I have the hex numbers if you need them. I restarted the computer and ran gmer again. It crashed twice when I tried to run it but the computer did not crash. I was able to save a small log file but I'm sure it's incomplete. The log file for gmer and mbr are both after the system reboot from the crash.

Code:

DDS (Ver_11-03-05.01) - NTFSx86  
Run by John at  8:57:41.89 on Sat 04/02/2011
Internet Explorer: 7.0.5730.13
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/login_verify2?&.src=ym
uSearch Bar = 
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: &Copy Location - c:\windows\web\graburl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - {C651A691-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - {C651A693-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - {A58D06D4-CA90-11D2-92D2-0000F87A4A55} - c:\windows\system32\oline.dll
Trusted Zone: 48hourteetimes.com
Trusted Zone: absolutecigars.com\www
Trusted Zone: ameritrade.com\wwws
Trusted Zone: archpro.com\www2
Trusted Zone: auctiva.com\checkout
Trusted Zone: bankofamerica.com\additup
Trusted Zone: bankofamerica.com\onlineeast1
Trusted Zone: bankofamerica.com\sitekey
Trusted Zone: bankofamerica.com\www
Trusted Zone: bevmo.com\www
Trusted Zone: burkesbackyard.com.au\www
Trusted Zone: columbiabankonline.com\www
Trusted Zone: compleatgolfer.co.za\www
Trusted Zone: condo-world.com\www
Trusted Zone: cool-trade.com\www
Trusted Zone: cubanlous.com\www
Trusted Zone: decorpad.com\www
Trusted Zone: ebay.com\cschat2-na.corp
Trusted Zone: evenue.net\ev12
Trusted Zone: everythingcoldwellbanker.com\www
Trusted Zone: expertplan.com\www
Trusted Zone: ezpassnj.com\www
Trusted Zone: frontierairlines.com\booking
Trusted Zone: garmin.com\my
Trusted Zone: getsnuggie.com\www
Trusted Zone: goodsamhosp.org\www
Trusted Zone: google.com\checkout
Trusted Zone: google.com\images
Trusted Zone: google.com\mail
Trusted Zone: google.com\maps
Trusted Zone: google.com\www
Trusted Zone: grupodfx.com.br\www
Trusted Zone: guestdesk.com\search
Trusted Zone: healthnet.com\www
Trusted Zone: healthsuperstore.com\www
Trusted Zone: heartbrandbeef.com\www
Trusted Zone: hertz.com\www
Trusted Zone: icontact.com\app
Trusted Zone: idiets.com\www
Trusted Zone: ihotelier.com\booking
Trusted Zone: ihotelier.com\reservations
Trusted Zone: ilve.com.au\www
Trusted Zone: imagekind.com\www
Trusted Zone: imtco.com\secure
Trusted Zone: internet
Trusted Zone: jpmorgan.com\mm
Trusted Zone: justanswer.com\secure
Trusted Zone: labeluniverse.com\www
Trusted Zone: linkedin.com\www
Trusted Zone: microsoft.com\download
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: microsoft.com\www.update
Trusted Zone: myaccountaccess.com\www
Trusted Zone: mysuperbuild.com\subscribe
Trusted Zone: myuhc.com\www
Trusted Zone: nespresso.com\nesclub
Trusted Zone: nextel.com\myaccount
Trusted Zone: omnovia.com\tdameritrade
Trusted Zone: overstock.com\www
Trusted Zone: patchperfect.com\www
Trusted Zone: paypal.com\history
Trusted Zone: paypal.com\www
Trusted Zone: remedialbuilders.com.au\www
Trusted Zone: renovate.com.au\www
Trusted Zone: repairnow.com\www
Trusted Zone: restaurant.com\www
Trusted Zone: sandals.com\obe
Trusted Zone: scottrade.com\trading
Trusted Zone: shadesemporium.com
Trusted Zone: sherwin-williams.com\www
Trusted Zone: sprint.com\mysprint
Trusted Zone: sprintpcs.com\manage
Trusted Zone: sprintpcs.com\sso
Trusted Zone: state.nj.us\emvc
Trusted Zone: state.nj.us\fc.dhs
Trusted Zone: state.nj.us\www
Trusted Zone: stonenz.co.nz\www
Trusted Zone: tgh.com.au\www
Trusted Zone: thestreet.com\secure2
Trusted Zone: ticketmaster.com\oss
Trusted Zone: ticketmaster.com\www
Trusted Zone: tullipanhomes.com.au\www
Trusted Zone: twitter.com
Trusted Zone: usps.com\sss-web
Trusted Zone: vanguard.com\personal
Trusted Zone: watchco.com.au\www
Trusted Zone: yahoo.com\address.mail
Trusted Zone: yahoo.com\b11.mail
Trusted Zone: yahoo.com\babelfish
Trusted Zone: yahoo.com\finance
Trusted Zone: yahoo.com\login
Trusted Zone: yahoo.com\maps
Trusted Zone: yahoo.com\news
Trusted Zone: yahoo.com\smallbusiness
Trusted Zone: yahoo.com\us.1.p.webhosting
Trusted Zone: yahoo.com\us.mc11.mail
Trusted Zone: yahoo.com\us.mc1105.mail
Trusted Zone: yahoo.com\us.mc384.mail
Trusted Zone: yahoo.com\webhosting
Trusted Zone: yahoo.net\us-dc1-order.store
Trusted Zone: zagatwine.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162560464500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 192.168.1.2 HP0018715C4393
.
============= SERVICES / DRIVERS ===============
.
R? ccPwdSvc;Symantec Password Validation
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? M9617;Nortel Meridian 9617
R? SavRoam;SavRoam
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? ccEvtMgr;Symantec Event Manager
S? ccSetMgr;Symantec Settings Manager
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? SAVRT;SAVRT
S? SAVRTPEL;SAVRTPEL
S? Symantec AntiVirus;Symantec AntiVirus
.
=============== Created Last 30 ================
.
2011-04-02 01:27:42	89088	----a-w-	C:\mbr.exe
.
==================== Find3M  ====================
.
2011-03-07 14:46:43	73728	----a-w-	c:\windows\system32\javacpl.cpl
2011-03-07 14:46:43	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-09 13:53:52	270848	----a-w-	c:\windows\system32\sbe.dll
2011-02-09 13:53:52	186880	----a-w-	c:\windows\system32\encdec.dll
2011-02-02 07:58:35	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-01-27 11:57:06	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-01-21 14:44:37	439296	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02	290048	----a-w-	c:\windows\system32\atmfd.dll
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_ rev.ZM10 -> Harddisk0\DR0 -> \Device\Ide\iaStor0 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89DFF439]<< 
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89e057d0]; MOV EAX, [0x89e0584c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A77FAB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89D9C030]
\Driver\iastor[0x8A72C680] -> IRP_MJ_CREATE -> 0x89DFF439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP;  }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskSAMSUNG_HD160JJ#P_______________________ZM100-34#4&2d69a77f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!! 
sectors 312499998 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH:  9:00:15.07 ===============.

Code:

==== Installed Programs ======================
.
7300_Help
7300Trb
7400
Adobe Flash Player 10 ActiveX
Adobe Reader 7.1.0
AiO_Scan
AiOSoftware
Apple Software Update
ATI Control Panel
ATI Display Driver
Belden Online
Broadcom Advanced Control Suite
BufferChm
Compatibility Pack for the 2007 Office system
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
Dell Resource CD
Destinations
Director
DocProc
DocumentViewer
Fax
FormDocs 7.0.24
Free CraigsList Reader Pro from CraigsPal 4.2.3
Garmin City Navigator North America NT 2009 Update
Garmin City Navigator North America NT 2010.20
Garmin City Navigator North America NT 2011.10 Update
Garmin USB Drivers
Garmin WebUpdater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP DeskJet 1220C Printer
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Update
HPSystemDiagnostics
InstantShare
Intel Matrix Storage Manager
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9 GDI+ Patch
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Jasc Paint Shop Pro 9.01 Patch
Java Auto Updater
Java(TM) 6 Update 24
Java(TM) 6 Update 7
LiveUpdate 2.6 (Symantec Corporation)
Logitech MouseWare 9.79 
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer 5 PowerTweaks Web Accessory
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Access 2003 Runtime
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Accounting 2006
Microsoft Office XP Web Components
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Palm Desktop
PanoStandAlone
PhotoGallery
PowerDVD 5.5
PrimoPDF
PrimoPDF Redistribution Package
ProductContext
QFolder
QuickTime
Readme
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shipping Assistant 3.4
SkinsHP1
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Sonic Audio module
Sonic Copy Module
Sonic DLA
Sonic Express Labeler
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Symantec AntiVirus
TD AMERITRADE StrategyDesk 3.1
TD AMERITRADE StrategyDesk 3.2_2 (C:\Program Files\TD AMERITRADE\StrategyDesk)
TrayApp
[]Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VistaPrint Electronic Business Card
WebFldrs XP
WebLog Expert 3.6
WebReg
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! SiteBuilder
.
==== End Of File ===========================[]

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-02 09:49:31
Windows 5.1.2600 Service Pack 3
Running: bw0kssh2.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\uxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT 89C88620 ZwConnectPort

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wuauclt.exe[512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 029F000A
.text C:\WINDOWS\system32\wuauclt.exe[512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02A0000A
.text C:\WINDOWS\system32\wuauclt.exe[512] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 029E000C
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00AB000A
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AC000A
.text C:\WINDOWS\System32\svchost.exe[1236] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00AA000C
.text C:\WINDOWS\System32\svchost.exe[1236] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 0182000A
.text C:\WINDOWS\Explorer.EXE[1868] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F5000A
.text C:\WINDOWS\Explorer.EXE[1868] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F6000A
.text C:\WINDOWS\Explorer.EXE[1868] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F4000C
.text C:\WINDOWS\system32\wuauclt.exe[3624] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 010F000A
.text C:\WINDOWS\system32\wuauclt.exe[3624] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0110000A
.text C:\WINDOWS\system32\wuauclt.exe[3624] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 010E000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
[]

[]Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_ rev.ZM10 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89DFB439]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A784AB8]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A738548]
\Driver\iastor[0x8A724B08] -> IRP_MJ_CREATE -> 0x89DFB439
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskSAMSUNG_HD160JJ#P_______________________ZM100-34#4&2d69a77f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312499998 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.[]

[Jintan]

Probable bootkit/rootkit infection there, which does cause BSOD's often. Let's take action on that.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, then unzip that and place a copy of the TDSSKiller.exe file on your desktop. Then click that to open the scanner.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including as reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please.

-----------

Then download ComboFix.exe from here to your desktop, then click that to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

[jdidonato]

Jintan:

tdsskiller did find a rootkit problem and after fixing required a reboot. No log file was automatically created so I ran it again and clicked the report button and cut and pasted it here.

Code:

2011/04/03 00:08:19.0718 1940	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/03 00:08:19.0921 1940	================================================================================
2011/04/03 00:08:19.0921 1940	SystemInfo:
2011/04/03 00:08:19.0921 1940	
2011/04/03 00:08:19.0921 1940	OS Version: 5.1.2600 ServicePack: 3.0
2011/04/03 00:08:19.0921 1940	Product type: Workstation
2011/04/03 00:08:19.0921 1940	ComputerName: FARFO
2011/04/03 00:08:19.0921 1940	UserName: John
2011/04/03 00:08:19.0921 1940	Windows directory: C:\WINDOWS
2011/04/03 00:08:19.0921 1940	System windows directory: C:\WINDOWS
2011/04/03 00:08:19.0921 1940	Processor architecture: Intel x86
2011/04/03 00:08:19.0921 1940	Number of processors: 2
2011/04/03 00:08:19.0921 1940	Page size: 0x1000
2011/04/03 00:08:19.0921 1940	Boot type: Normal boot
2011/04/03 00:08:19.0921 1940	================================================================================
2011/04/03 00:08:20.0156 1940	Initialize success
2011/04/03 00:08:21.0640 2712	================================================================================
2011/04/03 00:08:21.0640 2712	Scan started
2011/04/03 00:08:21.0640 2712	Mode: Manual; 
2011/04/03 00:08:21.0640 2712	================================================================================
2011/04/03 00:08:21.0953 2712	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/04/03 00:08:22.0031 2712	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/03 00:08:22.0062 2712	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/03 00:08:22.0140 2712	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/04/03 00:08:22.0187 2712	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/03 00:08:22.0265 2712	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/03 00:08:22.0359 2712	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/03 00:08:22.0390 2712	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/04/03 00:08:22.0437 2712	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/04/03 00:08:22.0484 2712	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/04/03 00:08:22.0484 2712	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/04/03 00:08:22.0531 2712	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/04/03 00:08:22.0593 2712	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/04/03 00:08:22.0640 2712	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/04/03 00:08:22.0703 2712	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/04/03 00:08:22.0750 2712	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/04/03 00:08:22.0843 2712	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/04/03 00:08:22.0921 2712	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/04/03 00:08:22.0953 2712	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/03 00:08:22.0984 2712	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/03 00:08:23.0046 2712	ati2mtag        (12e4f943eda605a621ee1698b5bea618) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/03 00:08:23.0093 2712	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/03 00:08:23.0140 2712	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/03 00:08:23.0156 2712	b57w2k          (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/04/03 00:08:23.0171 2712	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/03 00:08:23.0234 2712	BVRPMPR5        (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/04/03 00:08:23.0390 2712	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/04/03 00:08:23.0406 2712	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/03 00:08:23.0421 2712	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/04/03 00:08:23.0468 2712	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/03 00:08:23.0484 2712	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/03 00:08:23.0515 2712	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/03 00:08:23.0578 2712	CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/04/03 00:08:23.0656 2712	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/04/03 00:08:23.0718 2712	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/04/03 00:08:23.0718 2712	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/04/03 00:08:23.0828 2712	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/03 00:08:23.0875 2712	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/03 00:08:23.0906 2712	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/03 00:08:23.0921 2712	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/03 00:08:23.0953 2712	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/03 00:08:23.0968 2712	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/04/03 00:08:24.0000 2712	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/03 00:08:24.0062 2712	drvmcdb         (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/04/03 00:08:24.0078 2712	drvnddm         (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/04/03 00:08:24.0109 2712	E100B           (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/04/03 00:08:24.0250 2712	eeCtrl          (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/03 00:08:24.0296 2712	EraserUtilDrvI10 (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys
2011/04/03 00:08:24.0328 2712	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/03 00:08:24.0375 2712	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/03 00:08:24.0390 2712	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/03 00:08:24.0421 2712	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/03 00:08:24.0437 2712	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/03 00:08:24.0453 2712	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/03 00:08:24.0484 2712	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/03 00:08:24.0562 2712	gmer            (b56eb0a2210980e76390bd670bcb618b) C:\WINDOWS\system32\DRIVERS\gmer.sys
2011/04/03 00:08:24.0593 2712	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/03 00:08:24.0609 2712	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/03 00:08:24.0640 2712	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/03 00:08:24.0671 2712	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/04/03 00:08:24.0750 2712	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/03 00:08:24.0765 2712	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/04/03 00:08:24.0781 2712	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/04/03 00:08:24.0812 2712	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/03 00:08:24.0843 2712	iastor          (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys
2011/04/03 00:08:24.0875 2712	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/03 00:08:24.0890 2712	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/04/03 00:08:24.0937 2712	IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/03 00:08:25.0000 2712	intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/03 00:08:25.0046 2712	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/03 00:08:25.0062 2712	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/03 00:08:25.0078 2712	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/03 00:08:25.0156 2712	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/03 00:08:25.0203 2712	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/03 00:08:25.0218 2712	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/03 00:08:25.0234 2712	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/03 00:08:25.0281 2712	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/03 00:08:25.0296 2712	kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/03 00:08:25.0312 2712	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/03 00:08:25.0343 2712	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/03 00:08:25.0390 2712	L8042pr2        (4103dbb6caa85e40d271c1ad12bbf776) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
2011/04/03 00:08:25.0437 2712	LMouFlt2        (b666f835c18974f392a387c6e863072f) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
2011/04/03 00:08:25.0500 2712	M9617           (536e7effb32d5e43669808888040d15e) C:\WINDOWS\system32\DRIVERS\M9617.sys
2011/04/03 00:08:25.0531 2712	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/03 00:08:25.0578 2712	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/03 00:08:25.0609 2712	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/03 00:08:25.0671 2712	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/03 00:08:25.0687 2712	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/03 00:08:25.0718 2712	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/04/03 00:08:25.0750 2712	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/03 00:08:25.0812 2712	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/03 00:08:25.0843 2712	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/03 00:08:25.0890 2712	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/03 00:08:25.0906 2712	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/03 00:08:25.0921 2712	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/03 00:08:25.0984 2712	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/03 00:08:26.0000 2712	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/03 00:08:26.0218 2712	NAVENG          (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110402.003\naveng.sys
2011/04/03 00:08:26.0296 2712	NAVEX15         (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110402.003\navex15.sys
2011/04/03 00:08:26.0328 2712	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/03 00:08:26.0375 2712	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/03 00:08:26.0406 2712	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/03 00:08:26.0437 2712	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/03 00:08:26.0468 2712	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/03 00:08:26.0500 2712	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/03 00:08:26.0515 2712	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/03 00:08:26.0546 2712	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/03 00:08:26.0656 2712	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/03 00:08:26.0687 2712	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/03 00:08:26.0765 2712	nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/03 00:08:26.0796 2712	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/03 00:08:26.0812 2712	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/03 00:08:26.0859 2712	omci            (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/04/03 00:08:26.0875 2712	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/03 00:08:26.0890 2712	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/03 00:08:26.0906 2712	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/03 00:08:26.0921 2712	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/03 00:08:26.0953 2712	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/03 00:08:26.0984 2712	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/03 00:08:27.0046 2712	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/04/03 00:08:27.0062 2712	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/04/03 00:08:27.0125 2712	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/03 00:08:27.0140 2712	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/03 00:08:27.0156 2712	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/03 00:08:27.0203 2712	PxHelp20        (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/03 00:08:27.0218 2712	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/04/03 00:08:27.0234 2712	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/04/03 00:08:27.0234 2712	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/04/03 00:08:27.0250 2712	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/04/03 00:08:27.0265 2712	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/04/03 00:08:27.0312 2712	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/03 00:08:27.0328 2712	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/03 00:08:27.0359 2712	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/03 00:08:27.0375 2712	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/03 00:08:27.0390 2712	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/03 00:08:27.0406 2712	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/03 00:08:27.0437 2712	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/03 00:08:27.0468 2712	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/03 00:08:27.0515 2712	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/03 00:08:27.0687 2712	SAVRT           (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/04/03 00:08:27.0703 2712	SAVRTPEL        (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/04/03 00:08:27.0750 2712	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/03 00:08:27.0781 2712	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/03 00:08:27.0796 2712	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/03 00:08:27.0843 2712	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/03 00:08:27.0906 2712	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/04/03 00:08:27.0984 2712	SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/04/03 00:08:28.0015 2712	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/04/03 00:08:28.0062 2712	SPBBCDrv        (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/04/03 00:08:28.0093 2712	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/03 00:08:28.0125 2712	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/03 00:08:28.0187 2712	Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/03 00:08:28.0203 2712	sscdbhk5        (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/04/03 00:08:28.0218 2712	ssrtln          (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/04/03 00:08:28.0296 2712	STHDA           (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2011/04/03 00:08:28.0359 2712	StillCam        (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/04/03 00:08:28.0390 2712	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/03 00:08:28.0421 2712	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/03 00:08:28.0453 2712	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/04/03 00:08:28.0484 2712	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/04/03 00:08:28.0562 2712	SymEvent        (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
2011/04/03 00:08:28.0640 2712	SYMREDRV        (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/04/03 00:08:28.0687 2712	SYMTDI          (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/04/03 00:08:28.0718 2712	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/04/03 00:08:28.0734 2712	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/04/03 00:08:28.0765 2712	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/03 00:08:28.0828 2712	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/03 00:08:28.0859 2712	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/03 00:08:28.0890 2712	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/03 00:08:28.0937 2712	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/03 00:08:29.0000 2712	tfsnboio        (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/04/03 00:08:29.0062 2712	tfsncofs        (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/04/03 00:08:29.0078 2712	tfsndrct        (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/04/03 00:08:29.0109 2712	tfsndres        (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/04/03 00:08:29.0125 2712	tfsnifs         (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/04/03 00:08:29.0140 2712	tfsnopio        (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/04/03 00:08:29.0171 2712	tfsnpool        (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/04/03 00:08:29.0171 2712	tfsnudf         (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/04/03 00:08:29.0187 2712	tfsnudfa        (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/04/03 00:08:29.0218 2712	TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/04/03 00:08:29.0265 2712	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/03 00:08:29.0312 2712	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/04/03 00:08:29.0375 2712	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/03 00:08:29.0437 2712	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/03 00:08:29.0468 2712	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/03 00:08:29.0484 2712	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/03 00:08:29.0515 2712	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/03 00:08:29.0578 2712	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/03 00:08:29.0734 2712	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/03 00:08:29.0765 2712	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/03 00:08:29.0765 2712	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/03 00:08:29.0796 2712	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/03 00:08:29.0828 2712	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/04/03 00:08:29.0859 2712	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/03 00:08:29.0890 2712	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/03 00:08:29.0906 2712	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/03 00:08:29.0953 2712	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/03 00:08:30.0046 2712	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/03 00:08:30.0078 2712	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/03 00:08:30.0265 2712	================================================================================
2011/04/03 00:08:30.0265 2712	Scan finished
2011/04/03 00:08:30.0265 2712	================================================================================

Code:

ComboFix 11-04-02.03 - John 04/03/2011   0:19.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1432 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\John\Favorites\.url
c:\documents and settings\John\System
c:\documents and settings\John\System\win_qs8.jqx
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-03 to 2011-04-03  )))))))))))))))))))))))))))))))
.
.
2011-04-02 13:58 . 2011-04-02 13:58	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-02 01:27 . 2011-04-02 01:27	89088	----a-w-	C:\mbr.exe
2011-03-07 14:46 . 2011-03-07 14:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\McAfee
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 14:46 . 2010-09-20 13:40	73728	----a-w-	c:\windows\system32\javacpl.cpl
2011-03-07 14:46 . 2010-09-16 13:20	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-09 13:53 . 2004-08-11 22:00	270848	----a-w-	c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 22:00	186880	----a-w-	c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-11 22:11	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 22:11	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 22:00	439296	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 22:00	290048	----a-w-	c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\WebLog Expert\\WLExpert.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\SPBBC\\SPBBCSvc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 M9617;Nortel Meridian 9617;c:\windows\system32\drivers\M9617.sys [12/10/2005 6:15 AM 10304]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilDrvI10
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.farfo.com/
IE: &Copy Location - c:\windows\WEB\graburl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{B06300D0-CCDE-11d2-92D3-0000F87A4A55} - {C651A691-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {{BF80219A-CCDD-11d2-92D3-0000F87A4A55} - {C651A693-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {{FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - {A58D06D4-CA90-11D2-92D2-0000F87A4A55} - c:\windows\system32\oline.dll
Trusted Zone: 48hourteetimes.com
Trusted Zone: absolutecigars.com\www
Trusted Zone: ameritrade.com\wwws
Trusted Zone: archpro.com\www2
Trusted Zone: auctiva.com\checkout
Trusted Zone: bankofamerica.com\additup
Trusted Zone: bankofamerica.com\onlineeast1
Trusted Zone: bankofamerica.com\sitekey
Trusted Zone: bankofamerica.com\www
Trusted Zone: bevmo.com\www
Trusted Zone: burkesbackyard.com.au\www
Trusted Zone: columbiabankonline.com\www
Trusted Zone: compleatgolfer.co.za\www
Trusted Zone: condo-world.com\www
Trusted Zone: cool-trade.com\www
Trusted Zone: cubanlous.com\www
Trusted Zone: decorpad.com\www
Trusted Zone: ebay.com\cschat2-na.corp
Trusted Zone: evenue.net\ev12
Trusted Zone: everythingcoldwellbanker.com\www
Trusted Zone: expertplan.com\www
Trusted Zone: ezpassnj.com\www
Trusted Zone: frontierairlines.com\booking
Trusted Zone: garmin.com\my
Trusted Zone: getsnuggie.com\www
Trusted Zone: goodsamhosp.org\www
Trusted Zone: google.com\checkout
Trusted Zone: google.com\images
Trusted Zone: google.com\mail
Trusted Zone: google.com\maps
Trusted Zone: google.com\www
Trusted Zone: grupodfx.com.br\www
Trusted Zone: guestdesk.com\search
Trusted Zone: healthnet.com\www
Trusted Zone: healthsuperstore.com\www
Trusted Zone: heartbrandbeef.com\www
Trusted Zone: hertz.com\www
Trusted Zone: hijackthis-forum.de\www
Trusted Zone: icontact.com\app
Trusted Zone: idiets.com\www
Trusted Zone: ihotelier.com\booking
Trusted Zone: ihotelier.com\reservations
Trusted Zone: ilve.com.au\www
Trusted Zone: imagekind.com\www
Trusted Zone: imtco.com\secure
Trusted Zone: internet
Trusted Zone: jpmorgan.com\mm
Trusted Zone: justanswer.com\secure
Trusted Zone: labeluniverse.com\www
Trusted Zone: linkedin.com\www
Trusted Zone: microsoft.com\download
Trusted Zone: microsoft.com\office
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: microsoft.com\www.update
Trusted Zone: myaccountaccess.com\www
Trusted Zone: mysuperbuild.com\subscribe
Trusted Zone: myuhc.com\www
Trusted Zone: nespresso.com\nesclub
Trusted Zone: nextel.com\myaccount
Trusted Zone: omnovia.com\tdameritrade
Trusted Zone: overstock.com\www
Trusted Zone: patchperfect.com\www
Trusted Zone: paypal.com\history
Trusted Zone: paypal.com\www
Trusted Zone: remedialbuilders.com.au\www
Trusted Zone: renovate.com.au\www
Trusted Zone: repairnow.com\www
Trusted Zone: restaurant.com\www
Trusted Zone: sandals.com\obe
Trusted Zone: scottrade.com\trading
Trusted Zone: shadesemporium.com
Trusted Zone: sherwin-williams.com\www
Trusted Zone: sprint.com\mysprint
Trusted Zone: sprintpcs.com\manage
Trusted Zone: sprintpcs.com\sso
Trusted Zone: state.nj.us\emvc
Trusted Zone: state.nj.us\fc.dhs
Trusted Zone: state.nj.us\www
Trusted Zone: stonenz.co.nz\www
Trusted Zone: tgh.com.au\www
Trusted Zone: thestreet.com\secure2
Trusted Zone: ticketmaster.com\oss
Trusted Zone: ticketmaster.com\www
Trusted Zone: tullipanhomes.com.au\www
Trusted Zone: twitter.com
Trusted Zone: usps.com\sss-web
Trusted Zone: vanguard.com\personal
Trusted Zone: watchco.com.au\www
Trusted Zone: yahoo.com\address.mail
Trusted Zone: yahoo.com\b11.mail
Trusted Zone: yahoo.com\babelfish
Trusted Zone: yahoo.com\finance
Trusted Zone: yahoo.com\login
Trusted Zone: yahoo.com\maps
Trusted Zone: yahoo.com\news
Trusted Zone: yahoo.com\smallbusiness
Trusted Zone: yahoo.com\us.1.p.webhosting
Trusted Zone: yahoo.com\us.mc11.mail
Trusted Zone: yahoo.com\us.mc1105.mail
Trusted Zone: yahoo.com\us.mc384.mail
Trusted Zone: yahoo.com\webhosting
Trusted Zone: yahoo.net\us-dc1-order.store
Trusted Zone: zagatwine.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-03 00:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2690182803-9245028-2511381735-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-04-03  00:28:21
ComboFix-quarantined-files.txt  2011-04-03 04:28
.
Pre-Run: 98,764,161,024 bytes free
Post-Run: 102,204,952,576 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C8686C74CBBEBD0AF80A6BA63D10E329

[Jintan]

Check in your C drive folder for that first TDSSKiller log please. I would like to verify what it removed. Let's make other changes, then review after.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


The Trusted Zone list is still there, but appears to be different than the earlier log showed. Are these your choices? If not, download DELDOMAINS -> right click the link, and select Save Link/Target As), and save that to your desktop. Then right-click and Select 'Install' from the Menu. You may only see the desktop perhaps flicker when the fix makes the corrections.

---------------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.



If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

Post that log and the Malwarebytes log please. Also a new Gmer scan log.

And run a new DDS scan. If you see all those Trusted Zone entries again in it, post that as well please (the DDS.txt log).

[jdidonato]

Jintan:

I will run the eset program again because the progress bar said it was only 33% completed after almost 2 hours and then 5 minutes later it had completed the scan. I'm not sure if that is proper or if I did something wrong but I expected the scan to run for much longer as per the progress bar. I've posted the results and will run again to see if it finds anything the 2nd time.

The trusted zones were gone from the DDS log file so I did not post that one.

Code:

2011/04/03 00:02:04.0328 3420	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/03 00:02:04.0531 3420	================================================================================
2011/04/03 00:02:04.0531 3420	SystemInfo:
2011/04/03 00:02:04.0531 3420	
2011/04/03 00:02:04.0531 3420	OS Version: 5.1.2600 ServicePack: 3.0
2011/04/03 00:02:04.0531 3420	Product type: Workstation
2011/04/03 00:02:04.0531 3420	ComputerName: FARFO
2011/04/03 00:02:04.0531 3420	UserName: John
2011/04/03 00:02:04.0531 3420	Windows directory: C:\WINDOWS
2011/04/03 00:02:04.0531 3420	System windows directory: C:\WINDOWS
2011/04/03 00:02:04.0531 3420	Processor architecture: Intel x86
2011/04/03 00:02:04.0531 3420	Number of processors: 2
2011/04/03 00:02:04.0531 3420	Page size: 0x1000
2011/04/03 00:02:04.0531 3420	Boot type: Normal boot
2011/04/03 00:02:04.0531 3420	================================================================================
2011/04/03 00:02:06.0000 3420	Initialize success
2011/04/03 00:02:09.0453 3240	================================================================================
2011/04/03 00:02:09.0453 3240	Scan started
2011/04/03 00:02:09.0453 3240	Mode: Manual; 
2011/04/03 00:02:09.0453 3240	================================================================================
2011/04/03 00:02:11.0687 3240	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/04/03 00:02:11.0796 3240	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/03 00:02:11.0875 3240	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/03 00:02:11.0953 3240	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/04/03 00:02:12.0031 3240	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/03 00:02:12.0109 3240	AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/03 00:02:12.0218 3240	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/03 00:02:12.0343 3240	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/04/03 00:02:12.0468 3240	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/04/03 00:02:12.0562 3240	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/04/03 00:02:12.0750 3240	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/04/03 00:02:12.0812 3240	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/04/03 00:02:12.0906 3240	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/04/03 00:02:12.0921 3240	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/04/03 00:02:13.0000 3240	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/04/03 00:02:13.0093 3240	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/04/03 00:02:13.0125 3240	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/04/03 00:02:13.0171 3240	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/04/03 00:02:13.0250 3240	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/03 00:02:13.0328 3240	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/03 00:02:13.0437 3240	ati2mtag        (12e4f943eda605a621ee1698b5bea618) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/03 00:02:13.0531 3240	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/03 00:02:13.0625 3240	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/03 00:02:13.0703 3240	b57w2k          (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/04/03 00:02:13.0750 3240	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/03 00:02:13.0859 3240	BVRPMPR5        (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/04/03 00:02:14.0046 3240	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/04/03 00:02:14.0062 3240	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/03 00:02:14.0093 3240	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/04/03 00:02:14.0140 3240	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/03 00:02:14.0234 3240	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/03 00:02:14.0281 3240	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/03 00:02:14.0375 3240	CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/04/03 00:02:14.0421 3240	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/04/03 00:02:14.0453 3240	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/04/03 00:02:14.0500 3240	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/04/03 00:02:14.0609 3240	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/03 00:02:14.0703 3240	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/03 00:02:14.0750 3240	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/03 00:02:14.0765 3240	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/03 00:02:14.0828 3240	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/03 00:02:14.0890 3240	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/04/03 00:02:14.0937 3240	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/03 00:02:15.0031 3240	drvmcdb         (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/04/03 00:02:15.0078 3240	drvnddm         (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/04/03 00:02:15.0109 3240	E100B           (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/04/03 00:02:15.0265 3240	eeCtrl          (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/04/03 00:02:15.0375 3240	EraserUtilDrvI10 (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys
2011/04/03 00:02:15.0562 3240	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/03 00:02:15.0625 3240	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/03 00:02:15.0687 3240	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/03 00:02:15.0750 3240	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/03 00:02:15.0828 3240	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/03 00:02:15.0875 3240	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/03 00:02:15.0921 3240	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/03 00:02:15.0984 3240	gmer            (b56eb0a2210980e76390bd670bcb618b) C:\WINDOWS\system32\DRIVERS\gmer.sys
2011/04/03 00:02:16.0046 3240	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/03 00:02:16.0140 3240	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/03 00:02:16.0203 3240	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/03 00:02:16.0312 3240	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/04/03 00:02:16.0375 3240	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/03 00:02:16.0437 3240	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/04/03 00:02:16.0515 3240	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/04/03 00:02:16.0625 3240	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/03 00:02:16.0781 3240	iastor          (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iastor.sys
2011/04/03 00:02:16.0875 3240	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/03 00:02:16.0953 3240	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/04/03 00:02:17.0031 3240	IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/03 00:02:17.0109 3240	intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/03 00:02:17.0171 3240	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/03 00:02:17.0187 3240	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/03 00:02:17.0218 3240	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/03 00:02:17.0265 3240	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/03 00:02:17.0343 3240	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/03 00:02:17.0453 3240	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/03 00:02:17.0500 3240	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/03 00:02:17.0562 3240	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/03 00:02:17.0609 3240	kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/03 00:02:17.0671 3240	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/03 00:02:17.0765 3240	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/03 00:02:17.0890 3240	L8042pr2        (4103dbb6caa85e40d271c1ad12bbf776) C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
2011/04/03 00:02:18.0000 3240	LMouFlt2        (b666f835c18974f392a387c6e863072f) C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
2011/04/03 00:02:18.0093 3240	M9617           (536e7effb32d5e43669808888040d15e) C:\WINDOWS\system32\DRIVERS\M9617.sys
2011/04/03 00:02:18.0140 3240	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/03 00:02:18.0250 3240	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/03 00:02:18.0296 3240	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/03 00:02:18.0390 3240	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/03 00:02:18.0453 3240	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/03 00:02:18.0531 3240	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/04/03 00:02:18.0578 3240	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/03 00:02:18.0718 3240	MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/03 00:02:18.0812 3240	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/03 00:02:18.0859 3240	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/03 00:02:18.0906 3240	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/03 00:02:18.0968 3240	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/03 00:02:19.0046 3240	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/03 00:02:19.0062 3240	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/03 00:02:19.0562 3240	NAVENG          (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110402.003\naveng.sys
2011/04/03 00:02:19.0671 3240	NAVEX15         (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110402.003\navex15.sys
2011/04/03 00:02:19.0921 3240	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/03 00:02:20.0031 3240	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/03 00:02:20.0109 3240	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/03 00:02:20.0171 3240	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/03 00:02:20.0250 3240	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/03 00:02:20.0312 3240	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/03 00:02:20.0406 3240	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/03 00:02:20.0531 3240	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/03 00:02:20.0593 3240	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/03 00:02:20.0671 3240	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/03 00:02:20.0859 3240	nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/03 00:02:20.0906 3240	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/03 00:02:20.0921 3240	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/03 00:02:20.0984 3240	omci            (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/04/03 00:02:21.0078 3240	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/03 00:02:21.0125 3240	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/03 00:02:21.0187 3240	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/03 00:02:21.0203 3240	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/03 00:02:21.0250 3240	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/03 00:02:21.0328 3240	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/03 00:02:21.0406 3240	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/04/03 00:02:21.0421 3240	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/04/03 00:02:21.0500 3240	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/03 00:02:21.0515 3240	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/03 00:02:21.0578 3240	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/03 00:02:21.0625 3240	PxHelp20        (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/03 00:02:21.0656 3240	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/04/03 00:02:21.0703 3240	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/04/03 00:02:21.0718 3240	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/04/03 00:02:21.0734 3240	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/04/03 00:02:21.0750 3240	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/04/03 00:02:21.0796 3240	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/03 00:02:21.0875 3240	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/03 00:02:21.0937 3240	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/03 00:02:21.0968 3240	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/03 00:02:22.0062 3240	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/03 00:02:22.0125 3240	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/03 00:02:22.0171 3240	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/03 00:02:22.0234 3240	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/03 00:02:22.0281 3240	redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/03 00:02:22.0500 3240	SAVRT           (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/04/03 00:02:22.0578 3240	SAVRTPEL        (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/04/03 00:02:22.0656 3240	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/03 00:02:22.0734 3240	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/03 00:02:22.0781 3240	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/03 00:02:22.0921 3240	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/03 00:02:23.0015 3240	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/04/03 00:02:23.0109 3240	SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/04/03 00:02:23.0140 3240	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/04/03 00:02:23.0171 3240	SPBBCDrv        (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/04/03 00:02:23.0218 3240	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/03 00:02:23.0265 3240	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/03 00:02:23.0343 3240	Srv             (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/03 00:02:23.0437 3240	sscdbhk5        (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/04/03 00:02:23.0453 3240	ssrtln          (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/04/03 00:02:23.0562 3240	STHDA           (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2011/04/03 00:02:23.0687 3240	StillCam        (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2011/04/03 00:02:23.0703 3240	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/03 00:02:23.0765 3240	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/03 00:02:23.0828 3240	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/04/03 00:02:23.0890 3240	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/04/03 00:02:23.0984 3240	SymEvent        (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
2011/04/03 00:02:24.0046 3240	SYMREDRV        (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/04/03 00:02:24.0109 3240	SYMTDI          (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/04/03 00:02:24.0171 3240	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/04/03 00:02:24.0187 3240	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/04/03 00:02:24.0281 3240	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/03 00:02:24.0343 3240	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/03 00:02:24.0406 3240	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/03 00:02:24.0468 3240	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/03 00:02:24.0515 3240	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/03 00:02:24.0609 3240	tfsnboio        (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/04/03 00:02:24.0671 3240	tfsncofs        (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/04/03 00:02:24.0734 3240	tfsndrct        (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/04/03 00:02:24.0812 3240	tfsndres        (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/04/03 00:02:24.0890 3240	tfsnifs         (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/04/03 00:02:24.0953 3240	tfsnopio        (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/04/03 00:02:25.0000 3240	tfsnpool        (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/04/03 00:02:25.0015 3240	tfsnudf         (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/04/03 00:02:25.0031 3240	tfsnudfa        (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/04/03 00:02:25.0125 3240	TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/04/03 00:02:25.0187 3240	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/03 00:02:25.0234 3240	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/04/03 00:02:25.0296 3240	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/03 00:02:25.0406 3240	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/03 00:02:25.0484 3240	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/03 00:02:25.0562 3240	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/03 00:02:25.0609 3240	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/03 00:02:25.0718 3240	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/03 00:02:25.0812 3240	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/03 00:02:25.0875 3240	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/03 00:02:25.0890 3240	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/03 00:02:25.0921 3240	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/03 00:02:26.0000 3240	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/04/03 00:02:26.0046 3240	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/03 00:02:26.0109 3240	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/03 00:02:26.0156 3240	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/03 00:02:26.0218 3240	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/03 00:02:26.0421 3240	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/03 00:02:26.0500 3240	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/03 00:02:26.0531 3240	\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/03 00:02:26.0531 3240	================================================================================
2011/04/03 00:02:26.0531 3240	Scan finished
2011/04/03 00:02:26.0531 3240	================================================================================
2011/04/03 00:02:26.0531 1312	Detected object count: 1
2011/04/03 00:02:41.0718 1312	\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/03 00:02:41.0718 1312	\HardDisk0 - ok
2011/04/03 00:02:41.0718 1312	Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 
2011/04/03 00:02:50.0328 0252	Deinitialize success

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6230

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/3/2011 9:14:39 AM
mbam-log-2011-04-03 (09-14-39).txt

Scan type: Quick scan
Objects scanned: 159584
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17095 (vista_gdr.101217-1830)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=248851e65484904fadd332e99bbb4241
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-03 08:14:07
# local_time=2011-04-03 04:14:07 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 70833285 70833285 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=129934
# found=0
# cleaned=0
# scan_time=8596

Code:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-03 18:30:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.ZM10
Running: bw0kssh2.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\uxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT            89BE9358                                                                                                        ZwConnectPort

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                          SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                       SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                       SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                     SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                        fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                        SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer                                                              tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer                                                               tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer                                                                   tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer                                                                tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer                                                               tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Cdfs \Cdfs                                                                                          A77F9400

---- Registry - GMER 1.0.15 ----

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count  2369623

---- EOF - GMER 1.0.15 ----

[Jintan]

The Eset log appears to show an "average" scan time, and nothing found. Is it the first or second run? Looks good right now. Gmer picked up a restricted Registry key related to a FlashPlayer file install. The install appears legit, and the download for it checks out okay, so not sure why the restrictions. Let's see if ComboFix will just undo those, to ensure no remnants of changes remain.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:

RegLock::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}]

Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

Also run and post a new Gmer log with that please.

[jdidonato]

Jintan:

The prior posted eset log was the first run. The 2nd run did not find any infections and ran for approx the same amount of time.

The system seemed to be running faster and more stable but after gmer completed the system locked up. I was able to save the log but then needed to force a hard shutdown. Couldn't even get task manager to run.

Code:

ComboFix 11-04-03.03 - John 04/04/2011   5:10.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2046.1206 [GMT -4:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-04 to 2011-04-04  )))))))))))))))))))))))))))))))
.
.
2011-04-03 13:25 . 2011-04-03 13:25	--------	d-----w-	c:\program files\ESET
2011-04-02 13:58 . 2011-04-02 13:58	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-04-02 01:27 . 2011-04-02 01:27	89088	----a-w-	C:\mbr.exe
2011-03-07 14:46 . 2011-03-07 14:46	--------	d-----w-	c:\documents and settings\All Users\Application Data\McAfee
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 14:46 . 2010-09-20 13:40	73728	----a-w-	c:\windows\system32\javacpl.cpl
2011-03-07 14:46 . 2010-09-16 13:20	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-02-09 13:53 . 2004-08-11 22:00	270848	----a-w-	c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 22:00	186880	----a-w-	c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-11 22:11	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 22:11	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 22:00	439296	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 22:00	290048	----a-w-	c:\windows\system32\atmfd.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-03_04.26.24   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-03 13:30 . 2011-04-03 13:30	16384              c:\windows\Temp\Perflib_Perfdata_354.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-14 339968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\WebLog Expert\\WLExpert.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\SPBBC\\SPBBCSvc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 M9617;Nortel Meridian 9617;c:\windows\system32\drivers\M9617.sys [12/10/2005 6:15 AM 10304]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilDrvI10
*Deregistered* - uxtdypob
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-03 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.farfo.com/
IE: &Copy Location - c:\windows\WEB\graburl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{B06300D0-CCDE-11d2-92D3-0000F87A4A55} - {C651A691-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {{BF80219A-CCDD-11d2-92D3-0000F87A4A55} - {C651A693-CCD9-11D2-92D3-0000F87A4A55} - c:\windows\system32\webzone.dll
IE: {{FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - {A58D06D4-CA90-11D2-92D2-0000F87A4A55} - c:\windows\system32\oline.dll
Trusted Zone: eset.com\www
Trusted Zone: farfo.com\www
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-04 05:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2690182803-9245028-2511381735-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(308)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-04  05:21:57
ComboFix-quarantined-files.txt  2011-04-04 09:21
ComboFix2.txt  2011-04-03 04:28
.
Pre-Run: 101,667,708,928 bytes free
Post-Run: 102,249,250,816 bytes free
.
- - End Of File - - 556D5ADDE597B5ED5486C02166A760F0

Code:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-04 07:13:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.ZM10
Running: bw0kssh2.exe; Driver: C:\DOCUME~1\John\LOCALS~1\Temp\uxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT            89BE9358                                                  ZwConnectPort

---- Kernel code sections - GMER 1.0.15 ----

?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                The system cannot find the file specified. !
?               C:\DOCUME~1\John\LOCALS~1\Temp\catchme.sys                The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                    SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                 SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                 SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                               SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                  SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device          \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer        tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer             tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer         tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer          tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer         tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\$hf_mig$\KB2079403\update\branches.inf         926 bytes
File            C:\WINDOWS\$hf_mig$\KB2079403\update\eula.txt             804 bytes
File            C:\WINDOWS\$hf_mig$\KB2079403\update\KB2079403.CAT        7860 bytes
File            C:\WINDOWS\$hf_mig$\KB2079403\update\spcustom.dll         26488 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2079403\update\update.exe           755576 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2079403\update\update.ver           204 bytes
File            C:\WINDOWS\$hf_mig$\KB2079403\update\updatebr.inf         497 bytes
File            C:\WINDOWS\$hf_mig$\KB2079403\update\update_SP3QFE.inf    24875 bytes
File            C:\WINDOWS\$hf_mig$\KB2079403\update\updspapi.dll         382840 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2115168\SP3QFE                      0 bytes
File            C:\WINDOWS\$hf_mig$\KB2115168\SP3QFE\l3codecx.ax          143422 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2115168\spmsg.dll                   17272 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2115168\spuninst.exe                231288 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2115168\update                      0 bytes
File            C:\WINDOWS\$hf_mig$\KB2115168\update\branches.inf         926 bytes
File            C:\WINDOWS\$hf_mig$\KB2115168\update\eula.txt             804 bytes
File            C:\WINDOWS\$hf_mig$\KB2115168\update\KB2115168.CAT        7860 bytes
File            C:\WINDOWS\$hf_mig$\KB2115168\update\spcustom.dll         26488 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2115168\update\update.exe           755576 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2115168\update\update.ver           204 bytes
File            C:\WINDOWS\$hf_mig$\KB2115168\update\updatebr.inf         497 bytes
File            C:\WINDOWS\$hf_mig$\KB2115168\update\update_SP3QFE.inf    24645 bytes
File            C:\WINDOWS\$hf_mig$\KB2115168\update\updspapi.dll         382840 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2121546\SP3QFE\winsrv.dll           293376 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2121546\update\branches.inf         926 bytes
File            C:\WINDOWS\$hf_mig$\KB2121546\update\eula.txt             804 bytes
File            C:\WINDOWS\$hf_mig$\KB2121546\update\KB2121546.CAT        7860 bytes
File            C:\WINDOWS\$hf_mig$\KB2121546\update\spcustom.dll         26488 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2121546\update\update.exe           755576 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2121546\update\update.ver           202 bytes
File            C:\WINDOWS\$hf_mig$\KB2121546\update\updatebr.inf         497 bytes
File            C:\WINDOWS\$hf_mig$\KB2121546\update\update_SP3QFE.inf    24878 bytes
File            C:\WINDOWS\$hf_mig$\KB2121546\update\updspapi.dll         382840 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2141007\SP3QFE                      0 bytes
File            C:\WINDOWS\$hf_mig$\KB2141007\SP3QFE\inetcomm.dll         692736 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2141007\spmsg.dll                   17272 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2141007\spuninst.exe                231288 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2141007\update                      0 bytes
File            C:\WINDOWS\$hf_mig$\KB2141007\update\branches.inf         926 bytes
File            C:\WINDOWS\$hf_mig$\KB2141007\update\eula.txt             804 bytes
File            C:\WINDOWS\$hf_mig$\KB2141007\update\KB2141007.CAT        7860 bytes
File            C:\WINDOWS\$hf_mig$\KB2141007\update\spcustom.dll         26488 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2141007\update\update.exe           755576 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2141007\update\update.ver           206 bytes
File            C:\WINDOWS\$hf_mig$\KB2141007\update\updatebr.inf         497 bytes
File            C:\WINDOWS\$hf_mig$\KB2141007\update\update_SP3QFE.inf    24669 bytes
File            C:\WINDOWS\$hf_mig$\KB2141007\update\updspapi.dll         382840 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE                      0 bytes
File            C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys           1861120 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2160329\spmsg.dll                   17272 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2160329\spuninst.exe                231288 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2160329\update                      0 bytes
File            C:\WINDOWS\$hf_mig$\KB2160329\update\branches.inf         926 bytes
File            C:\WINDOWS\$hf_mig$\KB2160329\update\eula.txt             804 bytes
File            C:\WINDOWS\$hf_mig$\KB2160329\update\KB2160329.CAT        8158 bytes
File            C:\WINDOWS\$hf_mig$\KB2160329\update\spcustom.dll         26488 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2160329\update\update.exe           755576 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2160329\update\update.ver           204 bytes
File            C:\WINDOWS\$hf_mig$\KB2160329\update\updatebr.inf         497 bytes
File            C:\WINDOWS\$hf_mig$\KB2160329\update\update_SP3QFE.inf    26114 bytes
File            C:\WINDOWS\$hf_mig$\KB2160329\update\updspapi.dll         382840 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\iepeers.dll      193024 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\advpack.dll      124928 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\corpol.dll       17408 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\dxtmsft.dll      347136 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\dxtrans.dll      214528 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\extmgr.dll       132608 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\html.iec         389120 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\icardie.dll      63488 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\ie4uinit.exe     70656 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\ieakeng.dll      153088 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\ieaksie.dll      230400 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\ieakui.dll       161792 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\ieapfltr.dat     2452872 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\ieapfltr.dll     380928 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\iedkcs32.dll     388608 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\ieencode.dll     78336 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\ieframe.dll      6071296 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\ieframe.dll.mui  991232 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\iernonce.dll     44544 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\iertutil.dll     268288 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\ieudinit.exe     13824 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\iexplore.exe     634648 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\inetcpl.cpl      1830912 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\jsproxy.dll      27648 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\msfeeds.dll      459264 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\msfeedsbs.dll    52224 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\mshtml.dll       3603968 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\mshtmled.dll     477696 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\msrating.dll     193024 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\mstime.dll       671232 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\occache.dll      102912 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\pngfilt.dll      44544 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\url.dll          105984 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\urlmon.dll       1171968 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\webcheck.dll     233472 bytes executable
File            C:\WINDOWS\$hf_mig$\KB2183461-IE7\SP3QFE\wininet.dll      841216 bytes executable

---- EOF - GMER 1.0.15 ----

[Jintan]

All those Windows updates showing at the end of the Gmer log aren't clear, as far as why they are being picked up. Not quite sure why the "executable" files showing as containing executable code are indicated as containing it. Although these do not appear to be recent updates, was Windows updating while Gmer was being run?

If not, let's check a few files. Just go here, press NEW TOPIC (right hand side, just at the top of the forum thread list), fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select the following files on your computer.

C:\WINDOWS\$hf_mig$\KB2079403\update\update.exe

C:\WINDOWS\$hf_mig$\KB2121546\SP3QFE\winsrv.dll

C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.

Just click the "(more attachments)" next to the Browse button to upload more than one file.