Infected/Slow PC

Thread: Infected/Slow PC

  1. #1
    Join Date
    Sep 2010
    Posts
    28

    Infected/Slow PC

    When I click on any icon on my PC or a link on a webpage, I get a persistent window.

    In the upper left-hand corner (title bar) it will give "executable name".exe - Bad image. In the gray box, it shows "The application or DLL c:\windows\system32\doyisege.dll is not a valid window image. Please check this against your installation diskette."

    Among the other problems I have, Microsoft Security Essentials won't upgrade. Error code:0x80070050 is displayed.

    I found this site from the Hijackthis web page. I hope you can help.

    The log is below. I hope you can help. Thanks

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:46:13 AM, on 9/4/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRAM FILES\POWERISO\PWRISOVM.EXE
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\PROGRAM FILES\SLYSOFT\ANYDVD\ANYDVD.EXE
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\PROGRAM FILES\YAHOO!\MESSENGER\ymsgr_tray.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    F3 - REG:win.ini: load=
    F3 - REG:win.ini: run=
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SansaDispatch] C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe" /noshow
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\doyisege.dll refobaju.dll c:\windows\system32\fofarohi.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: mujuzedij - {de416087-ce24-4659-a17c-363d0d6d50f4} - (no file)
    O22 - SharedTaskScheduler: gahurihor - {84d5b3a9-1826-44a1-b352-c57bd47fbfb4} - c:\windows\system32\fofarohi.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\RpcSandraSrv.exe

    --
    End of file - 12003 bytes

  2. #2
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,391
    HJT is not what it once was, so follow the instructions at
    http://discussions.virtualdr.com/sho...d.php?t=167915
    And POST the logs in this thread.

  3. #3
    Join Date
    Sep 2010
    Posts
    28
    Here is the log for step one.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/4/2010 1:55:06 AM
    mbam-log-2010-09-04 (01-55-06).txt

    Scan type: Quick scan
    Objects scanned: 120284
    Time elapsed: 29 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.
    HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\DOYISEGE.DLL (Trojan.Vundo.H) -> No action taken.

    I removed selected as directed in the link provided. I am currently running the GMER for step 2.

  4. #4
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Your log shows that you did not remove selected items. You must have posted the wrong log if you did remove the items.

    Please update MalwareBytes (as requested in the link) and then re-run and remove what is found.
    Post the log showing that the items were, in fact, removed.

    ============

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  5. #5
    Join Date
    Sep 2010
    Posts
    28
    Thanks Crunchie.

    I am still running GMER.

    Can you confirm the order of the programs I should run after GMER? Should I run DDS as suggested in the link?
    Thanks in advance!

  6. #6
    Join Date
    Feb 2004
    Location
    Mandurah, Western Australia
    Posts
    10,157
    Yes please. The order would preferably be MalwareBytes first (after updating it) and then either GMER or DDS as the latter are only scanning.

  7. #7
    Join Date
    Sep 2010
    Posts
    28

    mbam logs

    Here is the log that shows I removed the items yesterday mentioned in the thread earlier.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/4/2010 1:57:00 AM
    mbam-log-2010-09-04 (01-57-00).txt

    Scan type: Quick scan
    Objects scanned: 120284
    Time elapsed: 29 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Administrator\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\DOYISEGE.DLL (Trojan.Vundo.H) -> Quarantined and deleted successfully.



    After updating mbam, I ran it again. Here are the results:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4544

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/4/2010 1:43:38 PM
    mbam-log-2010-09-04 (13-43-38).txt

    Scan type: Quick scan
    Objects scanned: 136946
    Time elapsed: 55 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Administrator\Local Settings\Temp\utt157.tmp.exe (Trojan.Pakes) -> Quarantined and deleted successfully.

    About GMER, when I woke up this AM, I realized that the computer had rebooted overnight. I'll have to rerun it after this reboot. Thanks in advance

  8. #8
    Join Date
    Sep 2010
    Posts
    28
    Before I left for work, I launched GMER, but the PC rebooted while it was running. I ran it one more time and left for work. When I came home, I found a Windows error message that there was a serious issue and it rebooted. I don't recall the exact wording. Anyway, I am going to run GMER in safe mode and report back.

  9. #9
    Join Date
    Sep 2010
    Posts
    28
    GMER

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-05 02:20:01
    Windows 5.1.2600 Service Pack 3
    Running: b9d2lrlg.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xF74ED0D0]
    SSDT sptd.sys ZwEnumerateKey [0xF74F2FB2]
    SSDT sptd.sys ZwEnumerateValueKey [0xF74F3340]
    SSDT sptd.sys ZwOpenKey [0xF74ED0B0]
    SSDT sptd.sys ZwQueryKey [0xF74F3418]
    SSDT sptd.sys ZwQueryValueKey [0xF74F3298]
    SSDT sptd.sys ZwSetValueKey [0xF74F34AA]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload BA6D28AC 5 Bytes JMP 8A76B770

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F750406C] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7504018] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75269AE] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F750406C] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EDAD4] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74EDC1A] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74EDB9C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74EE748] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74EE61E] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F750329A] sptd.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A8BC1E8
    Device \FileSystem\Fastfat \FatCdrom 8A2913D0
    Device \Driver\usbuhci \Device\USBPDO-0 8A76D790
    Device \Driver\NetBT \Device\NetBT_Tcpip_{E41E7656-48C5-4D85-8E80-515A07908B63} 8A3B71E8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A8BE1E8
    Device \Driver\dmio \Device\DmControl\DmConfig 8A8BE1E8
    Device \Driver\dmio \Device\DmControl\DmPnP 8A8BE1E8
    Device \Driver\dmio \Device\DmControl\DmInfo 8A8BE1E8
    Device \Driver\usbuhci \Device\USBPDO-1 8A76D790
    Device \Driver\usbuhci \Device\USBPDO-2 8A76D790
    Device \Driver\usbehci \Device\USBPDO-3 8A76C790
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8531E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8531E8
    Device \Driver\Cdrom \Device\CdRom0 8A739590
    Device \Driver\Cdrom \Device\CdRom1 8A739590
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom2 8A739590
    Device \Driver\usbstor \Device\00000080 8A3B61E8
    Device \Driver\usbstor \Device\00000081 8A3B61E8
    Device \Driver\usbstor \Device\00000082 8A3B61E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3B71E8
    Device \Driver\usbstor \Device\00000083 8A3B61E8
    Device \Driver\NetBT \Device\NetbiosSmb 8A3B71E8
    Device \Driver\usbstor \Device\00000088 8A3B61E8
    Device \Driver\usbuhci \Device\USBFDO-0 8A76D790
    Device \Driver\usbuhci \Device\USBFDO-1 8A76D790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A3AB1E8
    Device \Driver\usbuhci \Device\USBFDO-2 8A76D790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A3AB1E8
    Device \Driver\usbehci \Device\USBFDO-3 8A76C790
    Device \Driver\usbstor \Device\0000007d 8A3B61E8
    Device \Driver\Ftdisk \Device\FtControl 8A8531E8
    Device \Driver\usbstor \Device\0000008a 8A3B61E8
    Device \Driver\imagedrv \Device\Scsi\imagedrv1Port2Path0Target1Lun0 8A8BD1E8
    Device \Driver\imagedrv \Device\Scsi\imagedrv1Port2Path0Target0Lun0 8A8BD1E8
    Device \Driver\imagedrv \Device\Scsi\imagedrv1 8A8BD1E8
    Device \FileSystem\Fastfat \Fat 8A2913D0
    Device \FileSystem\Cdfs \Cdfs 8A309790

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

    ---- EOF - GMER 1.0.15 ----

  10. #10
    Join Date
    Sep 2010
    Posts
    28
    When I double-click on dds on my desktop, an "Open File - Security Warning" window opens and shows its Type as a DWG TrueView Script. It opens in Notepad. How should this open? Do I need to uninstall the DWG TrueView program?

    Since your earlier message said GMER or DDS, I am just gonna move onto OTL, but I would like to know how to get that DDS to work properly.

  11. #11
    Join Date
    Sep 2010
    Posts
    28
    Ok. When I ran OTL I had some Exception error windows that popped up. I was going to cancel and restart OTL, but I kept running.

    Here is the OTL log in several parts.

  12. #12
    Join Date
    Sep 2010
    Posts
    28
    OTL logfile created on: 9/5/2010 2:43:11 AM - Run 1
    OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1500 1500 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 14.43 Gb Free Space | 19.36% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 298.09 Gb Total Space | 33.25 Gb Free Space | 11.15% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: WAYNE
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
    PRC - [2010/09/01 07:23:10 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/06/14 21:38:32 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2010/02/18 12:13:58 | 000,059,904 | ---- | M] (SeriousBit) -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
    PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe
    PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/09/30 17:45:00 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2008/09/30 17:43:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/11 16:46:44 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    PRC - [2008/04/11 15:13:52 | 001,085,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    PRC - [2008/01/31 18:27:04 | 000,118,784 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    PRC - [2007/10/11 20:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    PRC - [2007/04/09 07:23:11 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
    PRC - [2007/04/03 13:54:38 | 000,271,936 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2004/06/15 23:17:38 | 000,069,705 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Multimedia\main\atidtct.exe
    PRC - [2004/01/09 05:54:06 | 000,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2002/10/23 11:15:08 | 000,086,016 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/09/04 03:52:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
    MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/04/03 13:54:50 | 000,063,032 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (x10nets)
    SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
    SRV - File not found [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\TEMP\001725~1.EXE -- (0017251259724200mcinstcleanup) McAfee Application Installer Cleanup (0017251259724200)
    SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/09/10 14:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2008/01/15 11:28:20 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
    SRV - [2008/01/08 10:11:25 | 000,366,704 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- c:\program files\a-squared free\a2service.exe -- (a2free)
    SRV - [2007/02/02 01:06:46 | 000,118,784 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)
    SRV - [2007/02/02 00:53:18 | 001,323,184 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Engineer XI.SP1\RpcSandraSrv.exe -- (SandraTheSrv)
    SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
    SRV - [2002/09/27 12:56:20 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\hitmanpro3.sys -- (hitmanpro3)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwfd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\avgfwdx.sys -- (Avgfwdx)
    DRV - [2010/09/01 07:23:16 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2010/03/07 20:12:07 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/03/07 20:12:07 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/09/09 11:49:42 | 000,022,528 | ---- | M] (SeriousBit) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nbdrv.sys -- (Nbdrv)
    DRV - [2009/08/03 13:33:46 | 000,040,960 | ---- | M] (--) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MOSUMAC.SYS -- (MOSUMAC)
    DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
    DRV - [2008/04/13 13:45:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gckernel.sys -- (GcKernel)
    DRV - [2008/03/27 21:01:40 | 000,009,744 | ---- | M] (EMS Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TLKerII.SYS -- (TrioLinkerII)
    DRV - [2008/03/19 11:53:38 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/01/08 09:20:35 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MS1000.sys -- (MS1000)
    DRV - [2007/08/07 14:48:33 | 000,025,160 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2007/08/01 23:47:26 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2007/07/14 21:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pstrip.sys -- (PStrip)
    DRV - [2007/06/15 22:05:42 | 000,002,554 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\kwflower.log -- (kwflower)
    DRV - [2007/06/07 16:48:57 | 000,097,096 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2007/05/25 14:55:04 | 000,065,024 | ---- | M] (Kerio Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)
    DRV - [2007/04/09 07:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2007/03/20 11:33:26 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
    DRV - [2007/02/15 19:56:49 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
    DRV - [2007/01/23 16:45:00 | 000,078,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2007/01/23 16:44:00 | 000,062,992 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2007/01/23 16:44:00 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2006/12/12 12:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
    DRV - [2006/09/03 10:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2006/01/01 23:20:56 | 000,023,296 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ProtoWall.sys -- (ProtoWall)
    DRV - [2005/08/15 12:08:26 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
    DRV - [2005/08/15 12:08:26 | 000,005,888 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
    DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/22 12:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
    DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/07/10 20:37:02 | 000,747,008 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
    DRV - [2004/03/23 21:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
    DRV - [2004/01/10 02:17:02 | 000,601,100 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/01/07 17:04:00 | 000,339,488 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WUSB20XP.sys -- (PRISM_A02)
    DRV - [2003/12/15 12:28:46 | 000,257,872 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atirwvd.sys -- (ATI Remote Wonder II)
    DRV - [2003/12/12 02:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2002/10/16 01:11:22 | 000,019,968 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
    DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)

  13. #13
    Join Date
    Sep 2010
    Posts
    28
    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6
    FF - prefs.js..extensions.enabledItems: avg@igeared:4.002.023.004
    FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
    FF - prefs.js..extensions.enabledItems: {45d8ff86-d909-11db-9705-005056c00008}:1.0.2
    FF - prefs.js..extensions.enabledItems: feedly@devhd:3.x
    FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0
    FF - prefs.js..extensions.enabledItems: [email protected]:2.2.1
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: [email protected]:2.4
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: [email protected]:1.2
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: [email protected]:0.6.721
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823
    FF - prefs.js..extensions.enabledItems: [email protected]d:1.5.3
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="


    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/27 14:09:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/09/03 09:02:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 13:23:32 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 21:42:54 | 000,000,000 | ---D | M]

    [2008/12/05 11:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/09/04 23:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions
    [2010/09/02 11:50:49 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
    [2010/04/16 13:56:39 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/07/14 09:37:59 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}
    [2010/02/17 17:35:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/09/02 11:50:44 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/08/18 10:08:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/09/02 11:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
    [2010/04/14 09:50:57 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/07/14 09:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
    [2010/01/28 15:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
    [2010/09/02 11:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\feedly@devhd
    [2010/09/02 11:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
    [2010/04/18 13:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
    [2010/03/28 07:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
    [2010/06/14 09:38:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\[email protected]
    [2010/09/02 11:48:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\extensions\feedly@devhd\content\app\extension
    [2010/01/25 05:32:47 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\amazondotcom.xml
    [2007/10/17 12:47:35 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\bitmetvorg.xml
    [2009/06/12 09:23:15 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\ebay.xml
    [2007/05/01 01:01:34 | 000,001,406 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.gif
    [2007/05/01 01:01:34 | 000,000,276 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.src
    [2007/05/01 01:00:26 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\siteadvisor.xml
    [2009/04/07 16:06:10 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wlfp0v5k.default\searchplugins\youtube-video-search.xml
    [2010/09/04 12:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/01/13 16:05:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/03/27 20:27:21 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/08/28 21:44:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2007/03/22 10:45:00 | 000,385,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

    O1 HOSTS File: ([2009/12/07 10:28:20 | 000,000,047 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 fbook****s.com
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\atidtct.exe (ATI Technologies Inc.)
    O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PowerStrip] c:\Program Files\PowerStrip\PStrip.exe (EnTech Taiwan)
    O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
    O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\Administrator\Local Settings\Apps\F.lux\flux.exe ()
    O4 - HKCU..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe (SeriousBit)
    O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartmenuLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinters = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeKeyboardNavigationIndicators = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

  14. #14
    Join Date
    Sep 2010
    Posts
    28
    O15 - HKCU\..Trusted Domains: ehttp.cc ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: elateck.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: emjcd.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: e-service.ws ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: euniverseads.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: everythingonweb.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: excixe.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: exitmoney.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: extreme-virgins.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: falkag.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: family-incest-sex.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: fastadvert.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: fastgoogle.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: fatolders.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: fed-icc.org ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: ff02.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: fide01.info ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: find4fun.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: findarachnids.biz ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: find-bid.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: find-fun.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: find-more.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: find-porn-here.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: findsx.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: find-the.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: find-visit.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: findwasps.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: finetimesearch.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: flipperkeys.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: fnoob.info ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: forbidden-mpegs.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: forgaymarriage.org ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: fortleesaloon.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: free-celeb-pics.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: free-f*cking-video.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: freeloll.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: free-naked-celebrity.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: freepornisland.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: free-spy-cam.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: freexxxpages.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: freshrapepics.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: ****-dream.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: ****ing-video.biz ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: ****nicepics.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: ****tera.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: funtarget.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: futuredreamscy.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: gamehouse.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: gator.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: gigs7.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: gipersearch.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: girlsascats.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: gladsclan.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: gonnasearch.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: goodfellowsrestaurant.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: googkle.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: groupfind.info ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: gsnh.org ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: hardysex.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: hc-express.org ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: headinsurance.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: hitmyass.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: holidayvillaestepona.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: homesexsearch.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: horsesearch.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: hotwebsearch.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: hqlist.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: httpads.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: hugesearch.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: icanfindit.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: icarsinc.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: iframenetwork.biz ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: imageactivex.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: incfind.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: indipindenza.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: innonlocust.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: ioacon.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: ipcons.biz ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: isacasa.org ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: ivfdf2005.org ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: jackycaps.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: jengadss.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: jerkoffolders.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: jordan-katie-price.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: juliehillmusic.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: kilimedical.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: kingofmp3.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: kqzyfj.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: lacyhart.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: laopen.org ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: latinbanking.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: lavasoftpersonallfirewall.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: lemarkregionals.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: liferowboys.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: lindsay-lohan-nude.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: line-find.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: list2004.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: lolkiss.info ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: lookandvote.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: lookingfor.cc ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: lovemynet.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: lust-movies.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: luycos.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: mailmx02.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: mainentrypoint.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: mantacorp.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: maria-sharapova.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: maturecunts.info ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: maximumsearch.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: meta-shop.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: microgirls.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: millergames.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: moneybg.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: moreporn.biz ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: mostinterestingstuff.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: mp3cherry.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: mp3rankings.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: mp3traffic.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: mpgcodec.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: msn1.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: muul.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: muxa.cc ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: mx03.net ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: myfind4u.com ([]* in My Computer)
    O15 - HKCU\..Trusted Domains: mypoiskovik.com ([]* in My Computer)

  15. #15
    Join Date
    Sep 2010
    Posts
    28
