TechSpot

Google redirect, AV & IE damage

Solved
By tatterjack
Oct 13, 2011
  1. OS: XP Pro SP3
    H/W: Dell Optiplex GX620
    RAM: 2G

    Symptoms:
    =========

    IE8 running very slowly and freezing
    Clicking on a Google search result in IE 8 or Chrome redirects randomly, i.e. some work OK, others go to e.g. freeads.co.uk
    Floppy light comes on sporadically (no floppy in drive)
    Desktop icons don't appear
    (Task Manager\Start Explorer brings them up immediately)
    McAfee icon vanished from notification area
    Sometimes all icons vanished from Notification area
    Starting McAfee brings up blank window
    PDF file association set to Word
    Opening Adobe Reader 8 errors:
    "Invalid Plugin detected"
    "ciceroUiWndframe: Acrord32.exe - application error"
    then it closes

    Some USB drives get files and folders added:
    autorun.inf file
    containing only 1 line "RMN" in bold
    Recycler folder
    S-1-5-.... folder
    Many copies of randomly named .exe and .cpl files with quill and inkwell icon
    Copy of shortcut (1) etc appear and disappear

    If not connected to Internet a "cannot connect box" regularly appears.

    In Device Manager:
    Cisco systems VPN Adapter is disabled
    The following are not installed
    SM Bus controller
    Video controller
    Video controller (VGA compatible)
    (I can't tell if these occurred at the same time as the infection)

    All system restore checkpoints older than today have vanished though they appear in the SR GUI.
    If one is selected it goes through the process of restoring, but when it reboots it says it was unsuccessful.

    Safe Mode appears to start loading but then reboots.

    History:
    ========
    I made attempts at fixing this myself and discovered a number of the offending modules and their load points, which I can list if necessary. Before I did, I took a Driveimage. At one point AVG deleted a large number of modules, which prevented programs running, so I restored from the Driveimage. Hence the situation now is as if I had run nothing but the recommended programs.

    6 steps
    =======
    1) McShield is still running, though the GUI is blank, so I have not installed any other AV
    2) MBAM log pasted below
    3) GMER log pasted below, but I have no access to McAfee so cannot turn off real-time scanning and cannot end the McShield process (access denied)
    4) DDS runs and after some text starts a line of "###". After 5 minutes this line does not increase beyond 42 "#" (I may be 1 or 2 out). As above, if McAfee is blocking scripting I cannot turn it off. After about 10 minutes I X'd out of it. No logs were produced as far as I can see.
    5) Logs

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7939

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    10/13/2011 6:24:50 PM
    mbam-log-2011-10-13 (18-24-50).txt

    Scan type: Quick scan
    Objects scanned: 159551
    Time elapsed: 9 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 4
    Registry Data Items Infected: 2
    Folders Infected: 2
    Files Infected: 10

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XWWWVA1IXG8V0D5JNDMVGRPUU (Trojan.FakeAlert) -> Value: XWWWVA1IXG8V0D5JNDMVGRPUU -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LmlLhkfv (Trojan.Downloader.H) -> Value: LmlLhkfv -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LmlLhkfv (Trojan.Downloader.H) -> Value: LmlLhkfv -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4CVWUJ9F5Y6JUCUDSR (Trojan.SpyEyes) -> Value: 4CVWUJ9F5Y6JUCUDSR -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\syst63e.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
    c:\servi3e.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

    Files Infected:
    c:\servi3e.bin\a7350d824c5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\russell dobash\local settings\application data\dgtvwkvi\lmllhkfv.exe (Trojan.Downloader.H) -> Delete on reboot.
    c:\documents and settings\russell dobash\start menu\programs\startup\lmllhkfv.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
    c:\windows\system32\config\systemprofile\start menu\programs\startup\lmllhkfv.exe (Trojan.Downloader.H) -> Delete on reboot.
    c:\documents and settings\russell dobash\local settings\Temp\5575.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\russell dobash\local settings\Temp\drggmmefohcljxih.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
    c:\documents and settings\russell dobash\local settings\Temp\wpbt0.dll (Trojan.Downloader.H) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\drggmmefohcljxih.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
    c:\syst63e.bin\55389fbad09f175 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
    c:\servi3e.bin\bdb02f65d09f175 (Trojan.SpyEyes) -> Quarantined and deleted successfully.


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-13 21:32:47
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3160812AS rev.3.ADH
    Running: jwcnqywc.exe; Driver: C:\DOCUME~1\RUSSEL~1\LOCALS~1\Temp\kwkiraod.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9EAF0F4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9EAF120]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EAF176]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EAF0A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EAF0B8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9EAF10A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9EAF14C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9EAF136]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EAF1A0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EAF18C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EAF160]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:136] 8A6550F9
    Thread System [4:1408] 896E2B90

    ---- EOF - GMER 1.0.15 ----
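The USB artefacts listed in the symptoms above (an autorun.inf that is not a real autorun file, a RECYCLER folder holding an S-1-5-… subfolder, many randomly named .exe/.cpl files, stray "Copy of shortcut" .lnk files) are the footprint of a worm that spreads by removable media. The Python triage script below is an added example, not code from this thread or from any of the tools mentioned in it. It walks a drive root, flags those indicator classes and groups executables by SHA-256 so that the same dropper body under several random names shows up as one finding. The sample drive it builds is constructed for the demonstration, and the indicator patterns are generalised from the post rather than taken from a signature for this particular malware.

```python
"""Triage a removable drive for the USB-worm artefacts described in the post above.

Added example (not from the thread or from any tool it mentions). The sample
drive built by build_sample_drive() is constructed for the demonstration.
"""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# Folder named like a Windows SID (S-1-5-21-...): normal inside an NTFS system
# volume's recycle bin, suspicious at the root or under RECYCLER on a FAT stick.
SID_DIR = re.compile(r"^S-1-5-[0-9-]+$", re.IGNORECASE)
# "Copy of shortcut (1)" style files; XP Explorer hides the .lnk extension.
LNK_COPY = re.compile(r"^Copy of .*\.lnk$", re.IGNORECASE)
DROPPER_EXT = {".exe", ".cpl"}


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_drive(root) -> Dict[str, List[str]]:
    """Return indicator hits keyed by class; paths are relative to the drive root."""
    root = Path(root)
    hits: Dict[str, List[str]] = {
        "autorun": [], "sid_dirs": [], "shortcut_copies": [], "cloned_executables": []}

    autorun = root / "autorun.inf"
    if autorun.is_file():
        body = autorun.read_text(errors="replace").strip()
        # A genuine autorun.inf has an [autorun] section with open=/shellexecute=;
        # report what it would launch, or the raw content when it is only a marker.
        launch = [ln for ln in body.splitlines()
                  if ln.lower().lstrip().startswith(("open=", "shellexecute="))]
        if launch:
            hits["autorun"].append("autorun.inf launches: " + "; ".join(launch))
        else:
            hits["autorun"].append(f"autorun.inf without launch key, content {body[:32]!r}")

    by_hash: Dict[str, List[str]] = {}
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        if p.is_dir():
            if SID_DIR.match(p.name):
                hits["sid_dirs"].append(rel)
        elif p.is_file():
            if LNK_COPY.match(p.name):
                hits["shortcut_copies"].append(rel)
            elif p.suffix.lower() in DROPPER_EXT:
                by_hash.setdefault(_sha256(p), []).append(rel)

    # Several differently named files with identical content is the "many copies
    # of randomly named exe's and cpl's" pattern; a lone executable is not reported.
    for digest, paths in by_hash.items():
        if len(paths) > 1:
            hits["cloned_executables"].append(
                f"{digest[:12]} x{len(paths)}: {', '.join(sorted(paths))}")
    return hits


def build_sample_drive(base) -> Path:
    """Constructed sample: a stick carrying the artefacts listed in the post."""
    root = Path(base)
    (root / "autorun.inf").write_text("RMN\n")            # marker-only autorun.inf
    sid = root / "RECYCLER" / "S-1-5-21-1234567890-1"
    sid.mkdir(parents=True)
    payload = b"MZ" + bytes(range(256)) * 4                # one dropper body ...
    for name in ("xk3q9vz.exe", "h7rtpl2.cpl"):
        (sid / name).write_bytes(payload)                  # ... under random names
    (root / "mdf0w8.exe").write_bytes(payload)             # ... and at the root
    (root / "Copy of shortcut (1).lnk").write_bytes(b"L\x00\x00\x00")
    (root / "docs").mkdir()
    (root / "docs" / "notes.txt").write_text("holiday photo list\n")
    (root / "setup.exe").write_bytes(b"MZ" + b"\x00" * 512)  # lone installer, not a clone
    return root


def demo() -> Dict[str, List[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        return scan_drive(build_sample_drive(tmp))


if __name__ == "__main__":
    for kind, items in demo().items():
        print(f"{kind}: {items or '-'}")
```

Run it from a clean machine with autorun disabled and the stick mounted read-only, and never open the flagged files; the script only reads and hashes them. The clone grouping is the useful part: a worm that re-copies itself under new random names still produces one SHA-256, so one finding lists every copy.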
  2. Broni


    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. tatterjack


    TDSSKiller Report

    Hi Broni,

    Many thanks for your reply. I'm on UK time, hence the delay.

    Here is the TDSSKiller report


    10:49:44.0656 2064 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
    10:49:45.0843 2064 ============================================================
    10:49:45.0843 2064 Current date / time: 2011/10/14 10:49:45.0843
    10:49:45.0843 2064 SystemInfo:
    10:49:45.0843 2064
    10:49:45.0843 2064 OS Version: 5.1.2600 ServicePack: 3.0
    10:49:45.0843 2064 Product type: Workstation
    10:49:45.0843 2064 ComputerName: UNIVERSI-2DDE3C
    10:49:45.0843 2064 UserName: Russell Dobash
    10:49:45.0843 2064 Windows directory: C:\WINDOWS
    10:49:45.0843 2064 System windows directory: C:\WINDOWS
    10:49:45.0843 2064 Processor architecture: Intel x86
    10:49:45.0843 2064 Number of processors: 2
    10:49:45.0843 2064 Page size: 0x1000
    10:49:45.0843 2064 Boot type: Normal boot
    10:49:45.0843 2064 ============================================================
    10:49:46.0343 2064 Initialize success
    10:49:53.0093 0260 ============================================================
    10:49:53.0093 0260 Scan started
    10:49:53.0093 0260 Mode: Manual;
    10:49:53.0093 0260 ============================================================
    10:49:53.0484 0260 Abiosdsk - ok
    10:49:53.0531 0260 abp480n5 - ok
    10:49:53.0609 0260 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    10:49:53.0609 0260 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
    10:49:53.0609 0260 ACPI ( Virus.Win32.Rloader.a ) - infected
    10:49:53.0609 0260 ACPI - detected Virus.Win32.Rloader.a (0)
    10:49:53.0671 0260 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    10:49:53.0671 0260 ACPIEC - ok
    10:49:53.0703 0260 adpu160m - ok
    10:49:53.0781 0260 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    10:49:53.0781 0260 aec - ok
    10:49:53.0843 0260 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    10:49:53.0890 0260 AegisP - ok
    10:49:53.0937 0260 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    10:49:54.0000 0260 AFD - ok
    10:49:54.0015 0260 Aha154x - ok
    10:49:54.0031 0260 aic78u2 - ok
    10:49:54.0062 0260 aic78xx - ok
    10:49:54.0140 0260 AliIde - ok
    10:49:54.0171 0260 amsint - ok
    10:49:54.0218 0260 asc - ok
    10:49:54.0250 0260 asc3350p - ok
    10:49:54.0281 0260 asc3550 - ok
    10:49:54.0390 0260 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    10:49:54.0390 0260 AsyncMac - ok
    10:49:54.0421 0260 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    10:49:54.0421 0260 atapi - ok
    10:49:54.0437 0260 Atdisk - ok
    10:49:54.0500 0260 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    10:49:54.0515 0260 Atmarpc - ok
    10:49:54.0578 0260 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    10:49:54.0593 0260 audstub - ok
    10:49:54.0656 0260 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    10:49:54.0734 0260 b57w2k - ok
    10:49:54.0765 0260 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    10:49:54.0781 0260 Beep - ok
    10:49:54.0828 0260 Bonifay (c0152e77307de863ebf6c728cf0a771d) C:\WINDOWS\system32\DRIVERS\Bonifay.sys
    10:49:54.0890 0260 Bonifay - ok
    10:49:54.0968 0260 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    10:49:54.0984 0260 cbidf2k - ok
    10:49:54.0984 0260 cd20xrnt - ok
    10:49:55.0062 0260 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    10:49:55.0062 0260 Cdaudio - ok
    10:49:55.0109 0260 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    10:49:55.0109 0260 Cdfs - ok
    10:49:55.0140 0260 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    10:49:55.0140 0260 Cdrom - ok
    10:49:55.0203 0260 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
    10:49:55.0203 0260 cfwids - ok
    10:49:55.0218 0260 Changer - ok
    10:49:55.0281 0260 CmdIde - ok
    10:49:55.0343 0260 Cpqarray - ok
    10:49:55.0390 0260 csmbrqkp - ok
    10:49:55.0453 0260 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    10:49:55.0500 0260 CVirtA - ok
    10:49:55.0578 0260 CVPNDRVA (c23025ac5ae45a105d63bd6e2408edd4) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
    10:49:55.0640 0260 CVPNDRVA - ok
    10:49:55.0656 0260 dac2w2k - ok
    10:49:55.0687 0260 dac960nt - ok
    10:49:55.0765 0260 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    10:49:55.0765 0260 Disk - ok
    10:49:55.0843 0260 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    10:49:55.0859 0260 dmboot - ok
    10:49:55.0875 0260 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    10:49:55.0906 0260 dmio - ok
    10:49:55.0937 0260 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    10:49:55.0937 0260 dmload - ok
    10:49:56.0000 0260 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    10:49:56.0000 0260 DMusic - ok
    10:49:56.0046 0260 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
    10:49:56.0109 0260 DNE - ok
    10:49:56.0203 0260 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
    10:49:56.0203 0260 Dot4 - ok
    10:49:56.0250 0260 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
    10:49:56.0312 0260 Dot4Print - ok
    10:49:56.0343 0260 dpti2o - ok
    10:49:56.0406 0260 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    10:49:56.0406 0260 drmkaud - ok
    10:49:56.0484 0260 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
    10:49:56.0531 0260 ElbyCDIO - ok
    10:49:56.0593 0260 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    10:49:56.0609 0260 Fastfat - ok
    10:49:56.0656 0260 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    10:49:56.0656 0260 Fdc - ok
    10:49:56.0687 0260 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    10:49:56.0703 0260 Fips - ok
    10:49:56.0718 0260 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    10:49:56.0718 0260 Flpydisk - ok
    10:49:56.0781 0260 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    10:49:56.0781 0260 FltMgr - ok
    10:49:56.0812 0260 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    10:49:56.0812 0260 Fs_Rec - ok
    10:49:56.0828 0260 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    10:49:56.0843 0260 Ftdisk - ok
    10:49:56.0875 0260 Gonzales (673d63add112dce1ea58a4e418eddb86) C:\WINDOWS\system32\DRIVERS\Gonzales.sys
    10:49:56.0937 0260 Gonzales - ok
    10:49:57.0000 0260 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    10:49:57.0015 0260 Gpc - ok
    10:49:57.0109 0260 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    10:49:57.0109 0260 hidusb - ok
    10:49:57.0156 0260 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys
    10:49:57.0218 0260 HPFXBULK - ok
    10:49:57.0234 0260 hpn - ok
    10:49:57.0296 0260 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    10:49:57.0296 0260 HTTP - ok
    10:49:57.0390 0260 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
    10:49:57.0500 0260 hwdatacard - ok
    10:49:57.0578 0260 i2omgmt - ok
    10:49:57.0609 0260 i2omp - ok
    10:49:57.0656 0260 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
    10:49:57.0671 0260 i8042prt - ok
    10:49:57.0734 0260 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    10:49:57.0750 0260 Imapi - ok
    10:49:57.0781 0260 ini910u - ok
    10:49:57.0812 0260 IntelIde - ok
    10:49:57.0859 0260 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    10:49:57.0875 0260 intelppm - ok
    10:49:57.0906 0260 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    10:49:57.0921 0260 Ip6Fw - ok
    10:49:57.0968 0260 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    10:49:57.0984 0260 IpFilterDriver - ok
    10:49:58.0046 0260 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    10:49:58.0062 0260 IpInIp - ok
    10:49:58.0093 0260 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    10:49:58.0109 0260 IpNat - ok
    10:49:58.0156 0260 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    10:49:58.0156 0260 IPSec - ok
    10:49:58.0187 0260 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    10:49:58.0187 0260 IRENUM - ok
    10:49:58.0250 0260 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    10:49:58.0250 0260 isapnp - ok
    10:49:58.0281 0260 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    10:49:58.0296 0260 Kbdclass - ok
    10:49:58.0312 0260 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    10:49:58.0312 0260 kbdhid - ok
    10:49:58.0375 0260 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    10:49:58.0375 0260 kmixer - ok
    10:49:58.0421 0260 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    10:49:58.0437 0260 KSecDD - ok
    10:49:58.0468 0260 lbrtfdc - ok
    10:49:58.0531 0260 MBAMSwissArmy - ok
    10:49:58.0718 0260 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
    10:49:58.0781 0260 mfeapfk - ok
    10:49:58.0828 0260 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
    10:49:58.0890 0260 mfeavfk - ok
    10:49:58.0906 0260 mfeavfk01 - ok
    10:49:58.0953 0260 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
    10:49:59.0015 0260 mfebopk - ok
    10:49:59.0093 0260 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
    10:49:59.0171 0260 mfefirek - ok
    10:49:59.0234 0260 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
    10:49:59.0312 0260 mfehidk - ok
    10:49:59.0359 0260 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    10:49:59.0421 0260 mfendisk - ok
    10:49:59.0453 0260 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    10:49:59.0453 0260 mfendiskmp - ok
    10:49:59.0484 0260 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
    10:49:59.0546 0260 mferkdet - ok
    10:49:59.0609 0260 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
    10:49:59.0671 0260 mfetdi2k - ok
    10:49:59.0781 0260 Micorsoft Windows Service - ok
    10:49:59.0828 0260 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    10:49:59.0843 0260 mnmdd - ok
    10:49:59.0906 0260 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    10:49:59.0906 0260 Modem - ok
    10:49:59.0953 0260 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    10:49:59.0953 0260 Mouclass - ok
    10:49:59.0984 0260 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    10:50:00.0000 0260 mouhid - ok
    10:50:00.0031 0260 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    10:50:00.0031 0260 MountMgr - ok
    10:50:00.0046 0260 mraid35x - ok
    10:50:00.0078 0260 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    10:50:00.0109 0260 MRxDAV - ok
    10:50:00.0140 0260 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    10:50:00.0281 0260 MRxSmb - ok
    10:50:00.0343 0260 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    10:50:00.0359 0260 Msfs - ok
    10:50:00.0406 0260 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    10:50:00.0421 0260 MSKSSRV - ok
    10:50:00.0453 0260 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    10:50:00.0453 0260 MSPCLOCK - ok
    10:50:00.0484 0260 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    10:50:00.0484 0260 MSPQM - ok
    10:50:00.0546 0260 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    10:50:00.0546 0260 mssmbios - ok
    10:50:00.0593 0260 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    10:50:00.0656 0260 Mup - ok
    10:50:00.0718 0260 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    10:50:00.0718 0260 NDIS - ok
    10:50:00.0765 0260 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    10:50:00.0812 0260 NdisTapi - ok
    10:50:00.0875 0260 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    10:50:00.0890 0260 Ndisuio - ok
    10:50:00.0906 0260 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    10:50:00.0921 0260 NdisWan - ok
    10:50:00.0968 0260 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    10:50:01.0031 0260 NDProxy - ok
    10:50:01.0078 0260 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    10:50:01.0093 0260 NetBIOS - ok
    10:50:01.0125 0260 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    10:50:01.0125 0260 NetBT - ok
    10:50:01.0218 0260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    10:50:01.0234 0260 Npfs - ok
    10:50:01.0296 0260 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    10:50:01.0312 0260 Ntfs - ok
    10:50:01.0375 0260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    10:50:01.0390 0260 Null - ok
    10:50:01.0437 0260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    10:50:01.0437 0260 NwlnkFlt - ok
    10:50:01.0484 0260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    10:50:01.0484 0260 NwlnkFwd - ok
    10:50:01.0578 0260 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    10:50:01.0578 0260 Parport - ok
    10:50:01.0609 0260 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    10:50:01.0625 0260 PartMgr - ok
    10:50:01.0687 0260 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    10:50:01.0687 0260 ParVdm - ok
    10:50:01.0718 0260 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    10:50:01.0718 0260 PCI - ok
    10:50:01.0750 0260 PCIDump - ok
    10:50:01.0796 0260 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    10:50:01.0812 0260 PCIIde - ok
    10:50:01.0843 0260 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    10:50:01.0859 0260 Pcmcia - ok
    10:50:01.0875 0260 PDCOMP - ok
    10:50:01.0921 0260 PDFRAME - ok
    10:50:01.0953 0260 PDRELI - ok
    10:50:01.0984 0260 PDRFRAME - ok
    10:50:02.0015 0260 perc2 - ok
    10:50:02.0062 0260 perc2hib - ok
    10:50:02.0156 0260 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    10:50:02.0171 0260 PptpMiniport - ok
    10:50:02.0203 0260 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    10:50:02.0218 0260 PSched - ok
    10:50:02.0296 0260 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    10:50:02.0312 0260 Ptilink - ok
    10:50:02.0328 0260 ql1080 - ok
    10:50:02.0359 0260 Ql10wnt - ok
    10:50:02.0375 0260 ql12160 - ok
    10:50:02.0406 0260 ql1240 - ok
    10:50:02.0421 0260 ql1280 - ok
    10:50:02.0468 0260 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    10:50:02.0500 0260 RasAcd - ok
    10:50:02.0781 0260 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    10:50:02.0796 0260 Rasl2tp - ok
    10:50:02.0828 0260 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    10:50:02.0843 0260 RasPppoe - ok
    10:50:02.0875 0260 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    10:50:02.0875 0260 Raspti - ok
    10:50:02.0906 0260 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    10:50:02.0921 0260 Rdbss - ok
    10:50:02.0953 0260 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    10:50:02.0953 0260 RDPCDD - ok
    10:50:02.0984 0260 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    10:50:02.0984 0260 rdpdr - ok
    10:50:03.0062 0260 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    10:50:03.0187 0260 RDPWD - ok
    10:50:03.0265 0260 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    10:50:03.0265 0260 redbook - ok
    10:50:03.0375 0260 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
    10:50:03.0437 0260 RT73 - ok
    10:50:03.0546 0260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    10:50:03.0562 0260 Secdrv - ok
    10:50:03.0640 0260 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    10:50:03.0640 0260 senfilt - ok
    10:50:03.0687 0260 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    10:50:03.0703 0260 serenum - ok
    10:50:03.0718 0260 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    10:50:03.0734 0260 Serial - ok
    10:50:03.0750 0260 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    10:50:03.0765 0260 Sfloppy - ok
    10:50:03.0812 0260 Simbad - ok
    10:50:03.0859 0260 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    10:50:03.0875 0260 smwdm - ok
    10:50:03.0890 0260 Sparrow - ok
    10:50:03.0953 0260 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    10:50:03.0953 0260 splitter - ok
    10:50:04.0015 0260 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    10:50:04.0015 0260 sr - ok
    10:50:04.0078 0260 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    10:50:04.0156 0260 Srv - ok
    10:50:04.0203 0260 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    10:50:04.0203 0260 swenum - ok
    10:50:04.0234 0260 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    10:50:04.0234 0260 swmidi - ok
    10:50:04.0281 0260 symc810 - ok
    10:50:04.0328 0260 symc8xx - ok
    10:50:04.0359 0260 sym_hi - ok
    10:50:04.0390 0260 sym_u3 - ok
    10:50:04.0453 0260 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    10:50:04.0453 0260 sysaudio - ok
    10:50:04.0531 0260 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    10:50:04.0546 0260 Tcpip - ok
    10:50:04.0578 0260 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    10:50:04.0593 0260 TDPIPE - ok
    10:50:04.0625 0260 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    10:50:04.0640 0260 TDTCP - ok
    10:50:04.0671 0260 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    10:50:04.0671 0260 TermDD - ok
    10:50:04.0718 0260 TosIde - ok
    10:50:04.0812 0260 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    10:50:04.0812 0260 Udfs - ok
    10:50:04.0828 0260 ultra - ok
    10:50:04.0906 0260 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    10:50:04.0921 0260 Update - ok
    10:50:04.0984 0260 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    10:50:04.0984 0260 usbccgp - ok
    10:50:05.0015 0260 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    10:50:05.0015 0260 usbehci - ok
    10:50:05.0046 0260 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    10:50:05.0046 0260 usbhub - ok
    10:50:05.0078 0260 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    10:50:05.0093 0260 usbprint - ok
    10:50:05.0140 0260 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    10:50:05.0156 0260 USBSTOR - ok
    10:50:05.0187 0260 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    10:50:05.0203 0260 usbuhci - ok
    10:50:05.0250 0260 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\WINDOWS\system32\DRIVERS\VClone.sys
    10:50:05.0375 0260 VClone - ok
    10:50:05.0406 0260 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    10:50:05.0421 0260 VgaSave - ok
    10:50:05.0453 0260 ViaIde - ok
    10:50:05.0484 0260 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    10:50:05.0500 0260 VolSnap - ok
    10:50:05.0546 0260 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
    10:50:05.0609 0260 vsdatant - ok
    10:50:05.0687 0260 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    10:50:05.0687 0260 Wanarp - ok
    10:50:05.0718 0260 WDICA - ok
    10:50:05.0765 0260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    10:50:05.0781 0260 wdmaud - ok
    10:50:06.0015 0260 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    10:50:06.0125 0260 \Device\Harddisk0\DR0 - ok
    10:50:06.0140 0260 Boot (0x1200) (e6b55c23be86f137bd054ea55b406768) \Device\Harddisk0\DR0\Partition0
    10:50:06.0140 0260 \Device\Harddisk0\DR0\Partition0 - ok
    10:50:06.0156 0260 ============================================================
    10:50:06.0156 0260 Scan finished
    10:50:06.0156 0260 ============================================================
    10:50:06.0187 0808 Detected object count: 1
    10:50:06.0187 0808 Actual detected object count: 1
    10:51:04.0734 0808 Backup copy found, using it..
    10:51:04.0765 0808 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
    10:51:04.0765 0808 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
    10:51:18.0406 3980 Deinitialize success
  4. Broni (Malware Annihilator)

    Very well.
    Re-run the tool one more time and post new log.
  5. tatterjack (Topic Starter)

    2nd Tdsskiller report

    Here it is:


    18:09:03.0875 2644 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
    18:09:04.0906 2644 ============================================================
    18:09:04.0906 2644 Current date / time: 2011/10/14 18:09:04.0906
    18:09:04.0906 2644 SystemInfo:
    18:09:04.0906 2644
    18:09:04.0906 2644 OS Version: 5.1.2600 ServicePack: 3.0
    18:09:04.0906 2644 Product type: Workstation
    18:09:04.0906 2644 ComputerName: UNIVERSI-2DDE3C
    18:09:04.0906 2644 UserName: Russell Dobash
    18:09:04.0906 2644 Windows directory: C:\WINDOWS
    18:09:04.0906 2644 System windows directory: C:\WINDOWS
    18:09:04.0906 2644 Processor architecture: Intel x86
    18:09:04.0906 2644 Number of processors: 2
    18:09:04.0906 2644 Page size: 0x1000
    18:09:04.0906 2644 Boot type: Normal boot
    18:09:04.0906 2644 ============================================================
    18:09:05.0390 2644 Initialize success
    18:09:08.0656 3312 ============================================================
    18:09:08.0656 3312 Scan started
    18:09:08.0656 3312 Mode: Manual;
    18:09:08.0656 3312 ============================================================
    18:09:09.0109 3312 Abiosdsk - ok
    18:09:09.0125 3312 abp480n5 - ok
    18:09:09.0234 3312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:09:09.0234 3312 ACPI - ok
    18:09:09.0421 3312 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    18:09:09.0437 3312 ACPIEC - ok
    18:09:09.0531 3312 adpu160m - ok
    18:09:09.0640 3312 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    18:09:09.0703 3312 aec - ok
    18:09:09.0765 3312 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    18:09:09.0765 3312 AegisP - ok
    18:09:09.0859 3312 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    18:09:09.0875 3312 AFD - ok
    18:09:09.0968 3312 Aha154x - ok
    18:09:10.0078 3312 aic78u2 - ok
    18:09:10.0187 3312 aic78xx - ok
    18:09:10.0312 3312 AliIde - ok
    18:09:10.0375 3312 amsint - ok
    18:09:10.0437 3312 asc - ok
    18:09:10.0468 3312 asc3350p - ok
    18:09:10.0500 3312 asc3550 - ok
    18:09:10.0687 3312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:09:10.0703 3312 AsyncMac - ok
    18:09:10.0765 3312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:09:10.0765 3312 atapi - ok
    18:09:10.0781 3312 Atdisk - ok
    18:09:10.0843 3312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:09:10.0859 3312 Atmarpc - ok
    18:09:11.0234 3312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:09:11.0250 3312 audstub - ok
    18:09:11.0515 3312 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    18:09:11.0531 3312 b57w2k - ok
    18:09:11.0640 3312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:09:11.0640 3312 Beep - ok
    18:09:11.0812 3312 Bonifay (c0152e77307de863ebf6c728cf0a771d) C:\WINDOWS\system32\DRIVERS\Bonifay.sys
    18:09:11.0812 3312 Bonifay - ok
    18:09:11.0921 3312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:09:11.0937 3312 cbidf2k - ok
    18:09:12.0000 3312 cd20xrnt - ok
    18:09:12.0125 3312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:09:12.0140 3312 Cdaudio - ok
    18:09:12.0328 3312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:09:12.0343 3312 Cdfs - ok
    18:09:12.0390 3312 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:09:12.0390 3312 Cdrom - ok
    18:09:12.0453 3312 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
    18:09:12.0515 3312 cfwids - ok
    18:09:12.0578 3312 Changer - ok
    18:09:12.0625 3312 CmdIde - ok
    18:09:12.0687 3312 Cpqarray - ok
    18:09:12.0796 3312 csmbrqkp - ok
    18:09:12.0968 3312 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    18:09:13.0000 3312 CVirtA - ok
    18:09:13.0093 3312 CVPNDRVA (c23025ac5ae45a105d63bd6e2408edd4) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
    18:09:13.0093 3312 CVPNDRVA - ok
    18:09:13.0109 3312 dac2w2k - ok
    18:09:13.0187 3312 dac960nt - ok
    18:09:13.0531 3312 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:09:13.0593 3312 Disk - ok
    18:09:13.0890 3312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    18:09:14.0156 3312 dmboot - ok
    18:09:14.0218 3312 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    18:09:14.0265 3312 dmio - ok
    18:09:14.0296 3312 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:09:14.0296 3312 dmload - ok
    18:09:14.0375 3312 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    18:09:14.0390 3312 DMusic - ok
    18:09:14.0546 3312 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
    18:09:14.0546 3312 DNE - ok
    18:09:14.0750 3312 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
    18:09:14.0812 3312 Dot4 - ok
    18:09:14.0937 3312 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
    18:09:14.0937 3312 Dot4Print - ok
    18:09:15.0031 3312 dpti2o - ok
    18:09:15.0140 3312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:09:15.0140 3312 drmkaud - ok
    18:09:15.0250 3312 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
    18:09:15.0250 3312 ElbyCDIO - ok
    18:09:15.0328 3312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:09:15.0328 3312 Fastfat - ok
    18:09:15.0390 3312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    18:09:15.0390 3312 Fdc - ok
    18:09:15.0406 3312 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    18:09:15.0406 3312 Fips - ok
    18:09:15.0468 3312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    18:09:15.0468 3312 Flpydisk - ok
    18:09:15.0500 3312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    18:09:15.0500 3312 FltMgr - ok
    18:09:15.0515 3312 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:09:15.0515 3312 Fs_Rec - ok
    18:09:15.0546 3312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:09:15.0546 3312 Ftdisk - ok
    18:09:15.0625 3312 Gonzales (673d63add112dce1ea58a4e418eddb86) C:\WINDOWS\system32\DRIVERS\Gonzales.sys
    18:09:15.0625 3312 Gonzales - ok
    18:09:15.0671 3312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:09:15.0703 3312 Gpc - ok
    18:09:15.0781 3312 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:09:15.0796 3312 hidusb - ok
    18:09:16.0093 3312 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys
    18:09:16.0093 3312 HPFXBULK - ok
    18:09:16.0234 3312 hpn - ok
    18:09:16.0421 3312 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:09:16.0468 3312 HTTP - ok
    18:09:16.0687 3312 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
    18:09:16.0687 3312 hwdatacard - ok
    18:09:16.0796 3312 i2omgmt - ok
    18:09:16.0828 3312 i2omp - ok
    18:09:16.0937 3312 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
    18:09:16.0937 3312 i8042prt - ok
    18:09:17.0000 3312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:09:17.0000 3312 Imapi - ok
    18:09:17.0062 3312 ini910u - ok
    18:09:17.0109 3312 IntelIde - ok
    18:09:17.0171 3312 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:09:17.0171 3312 intelppm - ok
    18:09:17.0234 3312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    18:09:17.0234 3312 Ip6Fw - ok
    18:09:17.0281 3312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:09:17.0281 3312 IpFilterDriver - ok
    18:09:17.0312 3312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:09:17.0312 3312 IpInIp - ok
    18:09:17.0359 3312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:09:17.0375 3312 IpNat - ok
    18:09:17.0390 3312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:09:17.0390 3312 IPSec - ok
    18:09:17.0421 3312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:09:17.0421 3312 IRENUM - ok
    18:09:17.0468 3312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:09:17.0468 3312 isapnp - ok
    18:09:17.0500 3312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:09:17.0500 3312 Kbdclass - ok
    18:09:17.0531 3312 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:09:17.0531 3312 kbdhid - ok
    18:09:17.0625 3312 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:09:17.0625 3312 kmixer - ok
    18:09:17.0687 3312 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:09:17.0687 3312 KSecDD - ok
    18:09:17.0859 3312 lbrtfdc - ok
    18:09:17.0968 3312 MBAMSwissArmy - ok
    18:09:18.0406 3312 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
    18:09:18.0406 3312 mfeapfk - ok
    18:09:18.0750 3312 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
    18:09:18.0750 3312 mfeavfk - ok
    18:09:18.0875 3312 mfeavfk01 - ok
    18:09:18.0984 3312 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
    18:09:18.0984 3312 mfebopk - ok
    18:09:19.0187 3312 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
    18:09:19.0187 3312 mfefirek - ok
    18:09:19.0328 3312 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
    18:09:19.0343 3312 mfehidk - ok
    18:09:19.0453 3312 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    18:09:19.0453 3312 mfendisk - ok
    18:09:19.0453 3312 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
    18:09:19.0468 3312 mfendiskmp - ok
    18:09:19.0546 3312 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
    18:09:19.0578 3312 mferkdet - ok
    18:09:19.0593 3312 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
    18:09:19.0593 3312 mfetdi2k - ok
    18:09:19.0671 3312 Micorsoft Windows Service - ok
    18:09:19.0781 3312 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:09:19.0796 3312 mnmdd - ok
    18:09:19.0875 3312 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    18:09:19.0875 3312 Modem - ok
    18:09:19.0906 3312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:09:19.0906 3312 Mouclass - ok
    18:09:19.0984 3312 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:09:19.0984 3312 mouhid - ok
    18:09:20.0031 3312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:09:20.0031 3312 MountMgr - ok
    18:09:20.0078 3312 mraid35x - ok
    18:09:20.0156 3312 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:09:20.0171 3312 MRxDAV - ok
    18:09:20.0281 3312 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:09:20.0281 3312 MRxSmb - ok
    18:09:20.0375 3312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:09:20.0375 3312 Msfs - ok
    18:09:20.0468 3312 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:09:20.0484 3312 MSKSSRV - ok
    18:09:20.0546 3312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:09:20.0546 3312 MSPCLOCK - ok
    18:09:20.0578 3312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:09:20.0578 3312 MSPQM - ok
    18:09:20.0671 3312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:09:20.0687 3312 mssmbios - ok
    18:09:20.0968 3312 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    18:09:20.0968 3312 Mup - ok
    18:09:21.0156 3312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:09:21.0156 3312 NDIS - ok
    18:09:21.0234 3312 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:09:21.0234 3312 NdisTapi - ok
    18:09:21.0328 3312 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:09:21.0328 3312 Ndisuio - ok
    18:09:21.0359 3312 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:09:21.0375 3312 NdisWan - ok
    18:09:21.0421 3312 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:09:21.0421 3312 NDProxy - ok
    18:09:21.0453 3312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:09:21.0453 3312 NetBIOS - ok
    18:09:21.0515 3312 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:09:21.0515 3312 NetBT - ok
    18:09:21.0593 3312 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:09:21.0593 3312 Npfs - ok
    18:09:21.0640 3312 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:09:21.0671 3312 Ntfs - ok
    18:09:21.0734 3312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:09:21.0734 3312 Null - ok
    18:09:21.0796 3312 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:09:21.0812 3312 NwlnkFlt - ok
    18:09:21.0859 3312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:09:21.0859 3312 NwlnkFwd - ok
    18:09:22.0000 3312 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    18:09:22.0015 3312 Parport - ok
    18:09:22.0078 3312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:09:22.0078 3312 PartMgr - ok
    18:09:22.0171 3312 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:09:22.0171 3312 ParVdm - ok
    18:09:22.0234 3312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:09:22.0234 3312 PCI - ok
    18:09:22.0250 3312 PCIDump - ok
    18:09:22.0312 3312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:09:22.0312 3312 PCIIde - ok
    18:09:22.0421 3312 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:09:22.0421 3312 Pcmcia - ok
    18:09:22.0468 3312 PDCOMP - ok
    18:09:22.0531 3312 PDFRAME - ok
    18:09:22.0640 3312 PDRELI - ok
    18:09:22.0687 3312 PDRFRAME - ok
    18:09:22.0781 3312 perc2 - ok
    18:09:22.0890 3312 perc2hib - ok
    18:09:23.0062 3312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:09:23.0062 3312 PptpMiniport - ok
    18:09:23.0187 3312 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:09:23.0218 3312 PSched - ok
    18:09:23.0328 3312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:09:23.0328 3312 Ptilink - ok
    18:09:23.0343 3312 ql1080 - ok
    18:09:23.0359 3312 Ql10wnt - ok
    18:09:23.0390 3312 ql12160 - ok
    18:09:23.0437 3312 ql1240 - ok
    18:09:23.0468 3312 ql1280 - ok
    18:09:23.0515 3312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:09:23.0515 3312 RasAcd - ok
    18:09:23.0578 3312 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:09:23.0578 3312 Rasl2tp - ok
    18:09:23.0640 3312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:09:23.0640 3312 RasPppoe - ok
    18:09:23.0718 3312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:09:23.0718 3312 Raspti - ok
    18:09:23.0796 3312 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:09:23.0796 3312 Rdbss - ok
    18:09:23.0843 3312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:09:23.0843 3312 RDPCDD - ok
    18:09:23.0906 3312 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:09:23.0921 3312 rdpdr - ok
    18:09:24.0000 3312 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:09:24.0015 3312 RDPWD - ok
    18:09:24.0078 3312 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:09:24.0078 3312 redbook - ok
    18:09:24.0218 3312 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
    18:09:24.0234 3312 RT73 - ok
    18:09:24.0296 3312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:09:24.0296 3312 Secdrv - ok
    18:09:24.0390 3312 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    18:09:24.0406 3312 senfilt - ok
    18:09:24.0437 3312 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    18:09:24.0437 3312 serenum - ok
    18:09:24.0515 3312 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    18:09:24.0515 3312 Serial - ok
    18:09:24.0546 3312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:09:24.0546 3312 Sfloppy - ok
    18:09:24.0593 3312 Simbad - ok
    18:09:24.0703 3312 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    18:09:24.0703 3312 smwdm - ok
    18:09:24.0750 3312 Sparrow - ok
    18:09:24.0843 3312 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:09:24.0843 3312 splitter - ok
    18:09:24.0953 3312 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:09:24.0953 3312 sr - ok
    18:09:25.0031 3312 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:09:25.0046 3312 Srv - ok
    18:09:25.0109 3312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:09:25.0109 3312 swenum - ok
    18:09:25.0171 3312 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:09:25.0187 3312 swmidi - ok
    18:09:25.0281 3312 symc810 - ok
    18:09:25.0531 3312 symc8xx - ok
    18:09:25.0781 3312 sym_hi - ok
    18:09:26.0031 3312 sym_u3 - ok
    18:09:26.0140 3312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:09:26.0140 3312 sysaudio - ok
    18:09:26.0296 3312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:09:26.0312 3312 Tcpip - ok
    18:09:26.0390 3312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:09:26.0390 3312 TDPIPE - ok
    18:09:26.0453 3312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:09:26.0453 3312 TDTCP - ok
    18:09:26.0500 3312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:09:26.0500 3312 TermDD - ok
    18:09:26.0546 3312 TosIde - ok
    18:09:26.0625 3312 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:09:26.0625 3312 Udfs - ok
    18:09:26.0640 3312 ultra - ok
    18:09:26.0687 3312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:09:26.0703 3312 Update - ok
    18:09:26.0765 3312 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:09:26.0781 3312 usbccgp - ok
    18:09:26.0828 3312 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:09:26.0828 3312 usbehci - ok
    18:09:26.0890 3312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:09:26.0890 3312 usbhub - ok
    18:09:26.0953 3312 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    18:09:26.0953 3312 usbprint - ok
    18:09:27.0046 3312 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:09:27.0046 3312 USBSTOR - ok
    18:09:27.0125 3312 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    18:09:27.0125 3312 usbuhci - ok
    18:09:27.0218 3312 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\WINDOWS\system32\DRIVERS\VClone.sys
    18:09:27.0234 3312 VClone - ok
    18:09:27.0250 3312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    18:09:27.0265 3312 VgaSave - ok
    18:09:27.0281 3312 ViaIde - ok
    18:09:27.0343 3312 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:09:27.0359 3312 VolSnap - ok
    18:09:27.0406 3312 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
    18:09:27.0406 3312 vsdatant - ok
    18:09:27.0484 3312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:09:27.0484 3312 Wanarp - ok
    18:09:27.0500 3312 WDICA - ok
    18:09:27.0625 3312 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:09:27.0640 3312 wdmaud - ok
    18:09:27.0890 3312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    18:09:28.0375 3312 \Device\Harddisk0\DR0 - ok
    18:09:28.0390 3312 Boot (0x1200) (e6b55c23be86f137bd054ea55b406768) \Device\Harddisk0\DR0\Partition0
    18:09:28.0390 3312 \Device\Harddisk0\DR0\Partition0 - ok
    18:09:28.0390 3312 ============================================================
    18:09:28.0390 3312 Scan finished
    18:09:28.0390 3312 ============================================================
    18:09:28.0437 3032 Detected object count: 0
    18:09:28.0437 3032 Actual detected object count: 0
    18:09:36.0203 3904 Deinitialize success
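    A way to check what the two scans above actually tell you, as an added example that is not part of this thread or of TDSSKiller itself: the Python below parses TDSSKiller's per-driver lines (name, MD5, path, verdict), diffs the hashes between two runs, lists explicit detection lines, and lists registered services for which no image file was found. The sample logs inside the script are constructed to mirror the two posts; the pre-cure ACPI.sys hash is an all-zero placeholder, not the real file's hash, while the second-run entries reuse lines from the log above. The random-name and misspelled-vendor checks are heuristics of this example, not TDSSKiller signatures.

```python
"""Compare two TDSSKiller driver-scan logs and flag what changed.

Added example for this thread, not part of TDSSKiller or of the posts.
It parses the line format TDSSKiller 2.6.x prints (one line per scanned
service/driver with an MD5 and a path, followed by a "<name> - ok" verdict
line) and reports:
  * files whose hash differs between two runs (e.g. a cured ACPI.sys),
  * services with a verdict but no image file ("phantom" entries), with a
    crude heuristic flag for random-looking or vendor-typosquat names,
  * explicit detections ("<name> ( <verdict> ) - <detail>").
The sample logs are constructed; the all-zero hash is a placeholder.
"""
import re
from dataclasses import dataclass, field

_PREFIX = r"^\s*\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"          # "HH:MM:SS.ffff PID "
FILE_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
DETECT_RE = re.compile(_PREFIX + r"(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<detail>.+?)\s*$")
OK_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+ok\s*$")
# Heuristic: "microsoft" with letters dropped/swapped, e.g. "micorsoft"
MS_TYPO_RE = re.compile(r"m\w{0,2}c\w{0,2}r\w{0,2}s\w{0,2}ft")
VOWELS = set("aeiou")


@dataclass
class ScanLog:
    files: dict = field(default_factory=dict)       # name -> (md5, path)
    verdicts: set = field(default_factory=set)      # names that got "- ok"
    detections: list = field(default_factory=list)  # (name, verdict, detail)


def parse_tdsskiller_log(text):
    """Build a ScanLog from raw TDSSKiller log text; unknown lines are ignored."""
    log = ScanLog()
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            log.files[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = DETECT_RE.match(line)
        if m:
            log.detections.append((m["name"], m["verdict"], m["detail"]))
            continue
        m = OK_RE.match(line)
        if m:
            log.verdicts.add(m["name"])
    return log


def changed_hashes(before, after):
    """Entries present in both runs whose MD5 differs: (name, path, old, new)."""
    out = []
    for name, (old_md5, path) in before.files.items():
        if name in after.files and after.files[name][0] != old_md5:
            out.append((name, path, old_md5, after.files[name][0]))
    return out


def looks_suspicious(name):
    """Heuristic only: 6+ lowercase letters with no vowels, or a typo of 'microsoft'."""
    random_like = len(name) >= 6 and name.isalpha() and name.islower() and not (set(name) & VOWELS)
    lowered = name.lower()
    typosquat = bool(MS_TYPO_RE.search(lowered)) and "microsoft" not in lowered
    return random_like or typosquat


def phantom_services(log):
    """Services scanned with a verdict but no image file recorded.
    Legacy XP entries (Abiosdsk, aic78xx, ...) are benign phantoms in a full
    log, so the flag is a prompt for manual review, not a verdict."""
    names = sorted(n for n in log.verdicts if n not in log.files and not n.startswith("\\"))
    return [(n, looks_suspicious(n)) for n in names]


# Constructed sample mirroring the first run (placeholder hash for ACPI.sys).
BEFORE_LOG = r"""
10:50:04.0531 0260 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:50:04.0546 0260 Tcpip - ok
10:49:50.0000 0260 ACPI (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:49:50.0000 0260 csmbrqkp - ok
10:49:50.0000 0260 Micorsoft Windows Service - ok
10:51:04.0734 0808 Backup copy found, using it..
10:51:04.0765 0808 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
10:51:04.0765 0808 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
"""

# Constructed sample reusing lines from the second run.
AFTER_LOG = r"""
18:09:09.0234 3312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:09:09.0234 3312 ACPI - ok
18:09:12.0796 3312 csmbrqkp - ok
18:09:19.0671 3312 Micorsoft Windows Service - ok
18:09:26.0296 3312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:09:26.0312 3312 Tcpip - ok
18:09:27.0890 3312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:09:28.0375 3312 \Device\Harddisk0\DR0 - ok
"""

if __name__ == "__main__":
    before = parse_tdsskiller_log(BEFORE_LOG)
    after = parse_tdsskiller_log(AFTER_LOG)
    for name, path, old, new in changed_hashes(before, after):
        print(f"CHANGED  {name}: {old} -> {new} ({path})")
    for name, verdict, detail in before.detections:
        print(f"DETECTED {name}: {verdict} [{detail}]")
    for name, flagged in phantom_services(after):
        print(f"{'SUSPECT' if flagged else 'phantom'} service with no image file: {name}")
```

    Run as-is it prints the changed ACPI.sys hash, the Rloader detection from the first run, and the two entries (csmbrqkp and "Micorsoft Windows Service") that are listed as services without a driver file behind them in the second log. Pointing it at the full logs from both posts works the same way; expect a long benign phantom list from XP's legacy SCSI/IDE entries, which is why the flag is only a review prompt.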
  6. Broni (Malware Annihilator)

    Good :)

    How is redirection?

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. tatterjack (Topic Starter)

    aswMBR log/Combofix problem

    Google behaviour:
    =================

    IE8 opens OK to google.co.uk home page but where the address bar should be is transparent. Typing in eg Cats in the search box and then enter or click Google Search produced a blank page with Cats in the Google toolbar search box, no results, "Done" in bottom left, and an unusual URL in the title bar.

    Closed it with the red X and tried again this time got a list of results. Right clicking on one and clicking Open in New Tab produced no new tab, cursor remains a hand. Cannot red X out of it. Task Manager shows 4 iexplores. Ending the lowest process brought back the Google home page as before. This could be red X'd but left three iexplores in task manager.

    Chrome doesn't open at all.

    aswMBR
    ======
    After clicking Yes to "Would you like to download latest Avast! virus definitions?"
    got the message "Avast engine download error : 0"
    clicked Scan and it continued. Report pasted below

    combofix
    ========
    Without reliable Internet access on the compromised machine I have been doing the downloads on another (Vista) machine and copying across via a USB stick. Sorry for not mentioning this. When I attempt to copy the downloaded combofix I get "Access Denied"

    Without an address bar I can't even type or paste the URL in.

    Also before I run it let me mention again that I have no access to the Mcafee gui.
    In fact it now does not open at all so I cannot disable it.

    I also ended the other iexplores via task manager and tried to copy combofix again with the same result.

    Awaiting instructions

    Thanks,

    Graham.

    aswMBR log
    ==========

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-14 18:58:32
    -----------------------------
    18:58:32.546 OS Version: Windows 5.1.2600 Service Pack 3
    18:58:32.546 Number of processors: 2 586 0x407
    18:58:32.546 ComputerName: UNIVERSI-2DDE3C UserName: Russell Dobash
    18:58:32.953 Initialize success
    18:58:50.953 AVAST engine download error: 0
    19:01:05.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
    19:01:05.312 Disk 0 Vendor: ST3160812AS 3.ADH Size: 152587MB BusType: 3
    19:01:07.328 Disk 0 MBR read successfully
    19:01:07.343 Disk 0 MBR scan
    19:01:07.359 Disk 0 Windows XP default MBR code
    19:01:07.390 Disk 0 scanning sectors +312480315
    19:01:07.484 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:01:16.968 Service scanning
    19:01:18.250 Modules scanning
    19:01:35.046 Disk 0 trace - called modules:
    19:01:35.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    19:01:35.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a572ab8]
    19:01:35.125 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a5cb030]
    19:01:35.140 Scan finished successfully
    19:02:02.437 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
    19:02:02.468 The log file has been saved successfully to "F:\aswMBR.txt"
  8. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    See if DDS will run now.
  9. tatterjack

    tatterjack TS Rookie Topic Starter Posts: 75

    DDS 2nd attempt

    DDS looks the same as last time, been running for 10 minutes, 42 "#" across the screen, not progressing any further, both CPU cores running at between 30 and 50%, McShield mostly.

    Shall I kill it?
  10. tatterjack

    tatterjack TS Rookie Topic Starter Posts: 75

    Taking the USB stick out dropped the CPU to 0.
  11. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Download OTL to your Desktop.

    • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
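    How a responder reads the load points OTL reports (O4 Run keys, O20 Winlogon UserInit, O7 NoDriveTypeAutoRun policy, O33 MountPoints2 AutoRun handlers), as an added example: this is not code from the thread, from OTL or from Broni. The sample lines are constructed in OTL's line format, modelled on the log posted later in this thread with the profile name replaced by "User"; the severity labels, helper names and the triage rules are the example's own choices. Three facts it leans on: Winlogon runs every comma-separated UserInit entry, so anything beyond %SystemRoot%\system32\userinit.exe is a hijack; MountPoints2\{volume}\Shell\open\command is what Explorer runs when that volume is double-clicked, which is why a worm's handler outlives the cleaned USB stick; and NoDriveTypeAutoRun is a bitmask over GetDriveType() values, so the XP default 145 (0x91) disables AutoRun only on unknown, network and reserved drive types, not on removable media.

```python
"""Triage of OTL load-point lines (added example, not from the thread or from OTL)."""
import re

# Bit n of NoDriveTypeAutoRun disables AutoRun for GetDriveType() value n.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # USB sticks
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "RESERVED",
}

# The only UserInit value Windows XP should carry; Winlogon runs every entry listed.
LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample in OTL's line format, modelled on the log in this thread
# (profile name replaced by "User").
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\.DEFAULT..\Run: [LmlLhkfv] C:\Documents and Settings\User\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\User\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\User\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\open\command - "" = ircphate.exe
O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
"""


def decode_nodrivetypeautorun(value):
    """Drive types on which the given NoDriveTypeAutoRun bitmask disables AutoRun."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]


def triage(log_text):
    """Return (severity, reason, line) for each OTL line a responder should act on."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O4 - ") and "\\Run: [" in line:
            # Run-key autostart: "[name] path (Company)" or "... File not found".
            target = line.split("] ", 1)[1]
            if target.endswith("File not found"):
                findings.append(("medium", "dangling Run key: dropper gone, load point left", line))
            elif "\\Local Settings\\Application Data\\" in target and not re.search(r"\(\S.*\)$", target):
                findings.append(("high", "autostart in a user profile with no company name", line))
        elif line.startswith("O20 - ") and "UserInit - (" in line:
            # Winlogon executes every UserInit entry at logon; only userinit.exe is legitimate.
            path = line.split("UserInit - (", 1)[1].split(")", 1)[0]
            if path.lower() != LEGIT_USERINIT:
                findings.append(("high", "extra Winlogon UserInit entry", line))
        elif line.startswith("O33 - MountPoints2"):
            # Cached per-volume handlers: Shell\open\command runs on double-click of the
            # volume, Shell\AutoRun\command on insertion, even after autorun.inf is gone.
            m = re.search(r'\\Shell\\(\w+)\\command - "" = (.+)$', line)
            if m:
                verb, cmd = m.groups()
                relative = re.match(r"[A-Za-z]:\\", cmd) is None  # bare exe name = worm style
                sev = "high" if (verb.lower() == "open" or relative) else "medium"
                findings.append((sev, f"MountPoints2 {verb} handler runs {cmd}", line))
        elif line.startswith("O7 - ") and "NoDriveTypeAutoRun" in line:
            value = int(line.rsplit("=", 1)[1])
            if "DRIVE_REMOVABLE" not in decode_nodrivetypeautorun(value):
                findings.append(("info", f"NoDriveTypeAutoRun={value} (0x{value:02X}) still allows AutoRun on removable drives", line))
    return findings


if __name__ == "__main__":
    for sev, why, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {why}\n         {line}")
```

    Run against a real OTL.txt, the output is the shortlist for the fix script: "File not found" Run keys get deleted rather than chased, every non-default UserInit entry and every MountPoints2 handler gets removed, and the O7 line says whether policy alone would have stopped the stick from autorunning (with 145 it would not; 255 disables AutoRun on every drive type).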
     
  12. tatterjack

    tatterjack TS Rookie Topic Starter Posts: 75

    OTL.txt

    OTL logfile created on: 10/14/2011 8:25:09 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Russell Dobash\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.36% Memory free
    3.84 Gb Paging File | 3.34 Gb Available in Paging File | 86.89% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.92 Gb Total Space | 126.98 Gb Free Space | 85.27% Space Free | Partition Type: NTFS
    Drive F: | 1001.25 Mb Total Space | 958.48 Mb Free Space | 95.73% Space Free | Partition Type: FAT32

    Computer Name: UNIVERSI-2DDE3C | User Name: Russell Dobash | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/14 20:21:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
    PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/10/12 14:56:44 | 000,164,384 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsMap.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/02/14 11:53:48 | 003,338,296 | ---- | M] (Freecom) -- C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
    PRC - [2005/11/21 15:55:16 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
    PRC - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    PRC - [2005/06/06 23:46:24 | 000,176,606 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    PRC - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/10/08 09:00:31 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_07258f3b\mscorlib.dll
    MOD - [2010/10/08 09:00:24 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_da50a229\system.drawing.dll
    MOD - [2010/10/06 18:14:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e27e83d9\system.xml.dll
    MOD - [2010/10/06 18:14:08 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ccf464b8\system.windows.forms.dll
    MOD - [2010/10/06 18:14:01 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2b2ee9d8\system.dll
    MOD - [2010/10/06 18:13:53 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
    MOD - [2010/10/06 18:13:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2009/11/17 12:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
    MOD - [2009/01/29 12:27:06 | 000,310,800 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saset.dll
    MOD - [2009/01/29 12:27:04 | 000,652,304 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sacore.dll
    MOD - [2009/01/29 12:27:02 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
    MOD - [2009/01/29 12:27:00 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
    MOD - [2009/01/29 12:26:58 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
    MOD - [2009/01/23 10:46:22 | 000,351,248 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
    MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    MOD - [2009/01/23 10:46:14 | 000,056,336 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
    MOD - [2007/12/02 13:22:33 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
    MOD - [2007/12/02 13:22:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    MOD - [2007/12/02 13:22:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2007/12/02 13:22:30 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2007/12/02 13:22:30 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
    MOD - [2005/08/10 15:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
    MOD - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    MOD - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    MOD - [2003/10/08 11:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
    MOD - [2003/06/30 15:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
    MOD - [2002/10/03 11:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
    MOD - [2002/04/09 07:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
    DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2009/10/07 13:01:04 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2005/12/13 15:10:00 | 000,007,040 | ---- | M] (Freecom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gonzales.sys -- (Gonzales)
    DRV - [2005/11/28 21:55:46 | 000,012,160 | ---- | M] (Freecom) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Bonifay.sys -- (Bonifay)
    DRV - [2005/09/20 11:22:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
    DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
    IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 74 E1 15 8A 27 CC 01 [binary data]
    IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/10/07 13:30:31 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/09/13 14:27:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110402175609.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-725345543-1482476501-839522115-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
    O4 - HKU\.DEFAULT..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
    O4 - HKU\S-1-5-18..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
    O4 - Startup: C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe (Freecom)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1243236794562 (MUWebControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C06FEDC-A9E2-4DCB-AAA4-435CE2FF8659}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF6EECDD-5905-4FCB-9358-4CEEAACF8E93}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/07/10 12:30:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/10/14 20:27:00 | 000,000,003 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\AutoRun\command - "" = ircphate.exe
    O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\open\command - "" = ircphate.exe
    O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell - "" = AutoRun
    O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell - "" = AutoRun
    O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell - "" = AutoRun
    O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
    O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
    O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/14 20:23:25 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
    [2011/10/14 18:58:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
    [2011/10/14 18:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/10/14 10:49:18 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
    [2011/10/13 21:35:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\My Documents\My Videos
    [2011/10/13 21:35:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Administrative Tools
    [2011/10/13 21:35:29 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
    [2011/10/13 18:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/13 18:11:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/10/13 18:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/13 18:11:01 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/10 12:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/10/08 16:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\PCHealth
    [2011/10/07 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
    [2011/10/03 13:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EndNote
    [2011/09/28 13:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
    [2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uxta
    [2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uqoxug
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/14 20:21:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
    [2011/10/14 20:20:01 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
    [2011/10/14 20:17:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
    [2011/10/14 20:02:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003UA.job
    [2011/10/14 19:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/14 18:08:15 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    [2011/10/14 18:07:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/14 18:07:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/14 18:07:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/14 11:02:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003Core.job
    [2011/10/14 10:56:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/10/14 10:56:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/10/14 10:31:10 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
    [2011/10/13 18:11:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/13 18:09:53 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
    [2011/10/13 12:03:34 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
    [2011/10/13 08:31:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/08 10:53:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
    [2011/10/03 13:39:20 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
    [2011/09/28 14:45:42 | 003,052,387 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
    [2011/09/28 13:41:43 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2011/09/28 13:35:19 | 000,327,348 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
    [2011/09/28 13:27:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/09/27 15:13:48 | 000,077,521 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
    [2011/09/15 16:38:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/10/13 21:30:47 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
    [2011/10/13 18:11:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/13 18:09:51 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
    [2011/10/08 10:53:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
    [2011/10/03 13:36:43 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R2D2- LIBRARY- ALL REFS 29Aug2011 Copy Copy Copy.enl
    [2011/09/29 13:27:14 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\R2D2- all.refs Note7, aug29.enl
    [2011/09/29 10:48:03 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
    [2011/09/28 14:45:42 | 003,052,387 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
    [2011/09/28 13:41:43 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/09/28 13:35:19 | 000,327,348 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
    [2011/09/27 15:13:48 | 000,077,521 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
    [2010/03/09 14:26:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2009/11/17 12:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2007/09/05 14:54:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\fusioncache.dat
    [2007/06/25 14:23:50 | 000,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2007/06/25 14:23:39 | 000,001,359 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
    [2007/06/25 14:19:34 | 000,093,585 | ---- | C] () -- C:\WINDOWS\hppins03.dat
    [2007/06/25 14:19:34 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
    [2007/06/25 11:08:57 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
    [2007/06/25 11:08:57 | 000,000,526 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
    [2007/06/23 11:15:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2007/06/23 11:10:16 | 000,093,474 | ---- | C] () -- C:\WINDOWS\hppins03.dat.temp
    [2007/06/23 11:10:16 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat.temp
    [2007/03/16 15:33:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
    [2006/12/02 11:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
    [2006/09/20 13:38:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
    [2006/09/20 13:38:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2006/08/28 14:04:31 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2006/08/28 14:04:31 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
    [2006/08/24 12:15:21 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/07/10 13:11:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/07/10 13:10:48 | 000,307,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/07/10 12:42:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/07/10 12:32:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/07/10 12:27:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 13:00:00 | 000,383,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 13:00:00 | 000,053,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2009/12/21 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
    [2010/03/09 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
    [2010/03/09 14:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
    [2011/10/05 17:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2011/10/03 13:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\EndNote
    [2007/11/28 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Leadertech
    [2010/09/20 13:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\MSNInstaller
    [2009/12/21 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Tatara Systems
    [2011/09/28 12:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Uqoxug
    [2011/09/28 13:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Uxta

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/07/10 12:30:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/07/10 12:25:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2006/07/10 12:30:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/07/10 12:30:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/07/10 12:30:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/06/17 11:22:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/10/14 18:07:00 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/10/14 10:51:18 | 000,047,452 | ---- | M] () -- C:\TDSSKiller.2.6.9.0_14.10.2011_10.49.44_log.txt
    [2011/10/14 18:09:36 | 000,046,498 | ---- | M] () -- C:\TDSSKiller.2.6.9.0_14.10.2011_18.09.03_log.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/07/10 12:29:55 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2005/09/23 02:25:16 | 000,069,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp053.dll
    [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2010/07/25 14:06:19 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Russell Dobash\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/07/10 13:10:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2006/07/10 13:10:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2006/07/10 13:10:00 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/06/17 11:31:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/07/10 12:34:03 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Russell Dobash\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/07/10 12:34:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/14 20:17:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
    [2011/10/14 20:20:01 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
    [2011/10/13 08:31:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/14 20:21:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
    [2011/10/14 10:31:10 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/07/10 12:34:02 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Russell Dobash\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/10/14 19:09:18 | 000,540,672 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/14 01:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 15:01:49 | 000,201,147 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 19:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 19:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 19:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  13. tatterjack

    tatterjack TS Rookie Topic Starter Posts: 75

    extras.txt

    OTL Extras logfile created on: 10/14/2011 8:25:09 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Russell Dobash\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.36% Memory free
    3.84 Gb Paging File | 3.34 Gb Available in Paging File | 86.89% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.92 Gb Total Space | 126.98 Gb Free Space | 85.27% Space Free | Partition Type: NTFS
    Drive F: | 1001.25 Mb Total Space | 958.48 Mb Free Space | 95.73% Space Free | Partition Type: FAT32

    Computer Name: UNIVERSI-2DDE3C | User Name: Russell Dobash | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\setup\HPZnet01.exe" = D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
    "D:\setup\hppapd.exe" = D:\setup\hppapd.exe:*:Enabled:hppapd.exe
    "D:\setup\hppnicifs01.exe" = D:\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe
    "D:\setup\hpntwkexe.exe" = D:\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe
    "D:\setup\hppSetBOD.exe" = D:\setup\hppSetBOD.exe:*:Enabled:hppsetbod.exe
    "D:\setup\hppnac01.exe" = D:\setup\hppnac01.exe:*:Enabled:hppnac01.exe
    "C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
    "C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
    "C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
    "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "D:\X86\IbisCont.exe" = D:\X86\IbisCont.exe:*:Enabled:BT Home Hub 3.0
    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{049CAE8B-67B4-4C53-8B08-58331A41A4C0}" = hpzTLBXFX
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0BF9161F-67BB-4CB5-A6C4-04E74020CB9E}" = QSR N6
    "{11A3D40A-6EF9-4E0E-BB34-E9F458C40601}" = hppIOFiles
    "{15B25E12-3E5F-4C13-A637-9EC72A55491E}" = SPSS 15.0 for Windows
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1E745BC8-4C2C-423D-8601-770BB3E9E023}" = hppusg2605
    "{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
    "{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{38DFF723-C0B1-44AB-A927-62EDB033908F}" = Belkin 54g USB Network Adapter
    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
    "{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
    "{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
    "{6B7E1C85-CAAB-42DD-9319-E785C2C19BB3}" = hppTLBXFX2605
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{9CD9AA8B-E6A4-4199-8DDD-43C6A57273C2}" = EndNote 8.0.1
    "{9D08BA75-D917-43FD-A0C4-F81D27C61053}" = hppCLJ2605
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
    "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
    "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
    "{C53D0627-79E7-45A0-B37C-B92A7E40F122}" = hppManuals2605
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
    "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
    "{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
    "{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "EndNote" = EndNote
    "Freecom Personal Media Suite_is1" = Freecom Personal Media Suite 2.24
    "HP Color LaserJet 2605" = HP Color LaserJet 2605 Series 1.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 6.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
    "HPExtendedCapabilities" = HP Extended Capabilities 6.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "MSC" = McAfee AntiVirus Plus
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "QSR NVivo 1.2 Demo" = QSR NVivo 1.2 Demo
    "VirtualCloneDrive" = VirtualCloneDrive
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/9/2011 6:59:12 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1000
    Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
    unknown, version 0.0.0.0, fault address 0x71ad0fef.

    Error - 10/9/2011 6:59:57 AM | Computer Name = UNIVERSI-2DDE3C | Source = Winlogon | ID = 1015
    Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
    status code c0000005. The machine must now be restarted.

    Error - 10/9/2011 7:02:56 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1004
    Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
    unknown, version 0.0.0.0, fault address 0x71ad0fef.

    Error - 10/9/2011 7:03:09 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1000
    Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
    unknown, version 0.0.0.0, fault address 0x71ad0fe5.

    Error - 10/9/2011 7:03:14 AM | Computer Name = UNIVERSI-2DDE3C | Source = Winlogon | ID = 1015
    Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
    status code c0000005. The machine must now be restarted.

    Error - 10/9/2011 7:03:19 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1004
    Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
    unknown, version 0.0.0.0, fault address 0x71ad0fe5.

    Error - 10/9/2011 7:22:10 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1000
    Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
    unknown, version 0.0.0.0, fault address 0x71ad0000.

    Error - 10/9/2011 7:22:32 AM | Computer Name = UNIVERSI-2DDE3C | Source = Winlogon | ID = 1015
    Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
    status code c0000005. The machine must now be restarted.

    Error - 10/9/2011 7:24:57 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1004
    Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
    unknown, version 0.0.0.0, fault address 0x71ad0000.

    Error - 10/13/2011 12:48:43 PM | Computer Name = UNIVERSI-2DDE3C | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 10/14/2011 3:25:16 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 10/14/2011 3:25:48 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 10/14/2011 3:26:21 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 10/14/2011 3:26:56 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 10/14/2011 3:27:36 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 10/14/2011 3:28:26 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 10/14/2011 3:28:56 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 10/14/2011 3:29:31 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 10/14/2011 3:30:06 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.

    Error - 10/14/2011 3:31:21 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
    Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
    with DCOM within the required timeout.


    < End of report >
  14. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
      DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
      O4 - HKLM..\Run: [] File not found
      O4 - HKU\.DEFAULT..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
      O4 - HKU\S-1-5-18..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
      O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
      O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\AutoRun\command - "" = ircphate.exe
      O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\open\command - "" = ircphate.exe
      O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell - "" = AutoRun
      O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
      O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell - "" = AutoRun
      O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
      O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell - "" = AutoRun
      O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
      O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
      O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
      O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
      O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
      [2011/10/07 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
      [2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uxta
      [2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uqoxug
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
  15. tatterjack

    tatterjack TS Rookie Topic Starter Posts: 75

    OTL Run Fix Output

    :OTL
    DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
    DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\.DEFAULT..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
    O4 - HKU\S-1-5-18..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
    O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\AutoRun\command - "" = ircphate.exe
    O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\open\command - "" = ircphate.exe
    O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell - "" = AutoRun
    O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell - "" = AutoRun
    O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell - "" = AutoRun
    O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
    O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
    O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    [2011/10/07 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
    [2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uxta
    [2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uqoxug
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


    :Services

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" =-

    :Files

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  16. tatterjack

    tatterjack TS Rookie Topic Starter Posts: 75

    OTL Quick Scan Output

    OTL logfile created on: 10/14/2011 9:51:31 PM - Run 2
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Russell Dobash\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.82% Memory free
    3.84 Gb Paging File | 3.38 Gb Available in Paging File | 88.11% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.92 Gb Total Space | 127.02 Gb Free Space | 85.29% Space Free | Partition Type: NTFS
    Drive F: | 1001.25 Mb Total Space | 948.82 Mb Free Space | 94.76% Space Free | Partition Type: FAT32

    Computer Name: UNIVERSI-2DDE3C | User Name: Russell Dobash | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/14 20:21:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
    PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/10/12 14:56:44 | 000,164,384 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsMap.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/02/14 11:53:48 | 003,338,296 | ---- | M] (Freecom) -- C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
    PRC - [2005/11/21 15:55:16 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
    PRC - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    PRC - [2005/06/06 23:46:24 | 000,176,606 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    PRC - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/10/08 09:00:31 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_07258f3b\mscorlib.dll
    MOD - [2010/10/08 09:00:24 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_da50a229\system.drawing.dll
    MOD - [2010/10/06 18:14:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e27e83d9\system.xml.dll
    MOD - [2010/10/06 18:14:08 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ccf464b8\system.windows.forms.dll
    MOD - [2010/10/06 18:14:01 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2b2ee9d8\system.dll
    MOD - [2010/10/06 18:13:53 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
    MOD - [2010/10/06 18:13:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2009/11/17 12:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
    MOD - [2009/01/29 12:27:06 | 000,310,800 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saset.dll
    MOD - [2009/01/29 12:27:04 | 000,652,304 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sacore.dll
    MOD - [2009/01/29 12:27:02 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
    MOD - [2009/01/29 12:27:00 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
    MOD - [2009/01/29 12:26:58 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
    MOD - [2009/01/23 10:46:22 | 000,351,248 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
    MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    MOD - [2009/01/23 10:46:14 | 000,056,336 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
    MOD - [2007/12/02 13:22:33 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
    MOD - [2007/12/02 13:22:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    MOD - [2007/12/02 13:22:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2007/12/02 13:22:30 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2007/12/02 13:22:30 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
    MOD - [2005/08/10 15:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
    MOD - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    MOD - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    MOD - [2003/10/08 11:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
    MOD - [2003/06/30 15:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
    MOD - [2002/10/03 11:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
    MOD - [2002/04/09 07:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
    DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2009/10/07 13:01:04 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2005/12/13 15:10:00 | 000,007,040 | ---- | M] (Freecom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gonzales.sys -- (Gonzales)
    DRV - [2005/11/28 21:55:46 | 000,012,160 | ---- | M] (Freecom) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Bonifay.sys -- (Bonifay)
    DRV - [2005/09/20 11:22:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
    DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 74 E1 15 8A 27 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/10/07 13:30:31 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/09/13 14:27:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110402175609.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
    O4 - Startup: C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe (Freecom)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1243236794562 (MUWebControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C06FEDC-A9E2-4DCB-AAA4-435CE2FF8659}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF6EECDD-5905-4FCB-9358-4CEEAACF8E93}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/07/10 12:30:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/10/14 21:53:10 | 000,000,003 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/14 21:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/10/14 21:44:40 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/10/14 20:23:25 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
    [2011/10/14 18:58:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
    [2011/10/14 10:49:18 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
    [2011/10/13 21:35:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\My Documents\My Videos
    [2011/10/13 21:35:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Administrative Tools
    [2011/10/13 21:35:29 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
    [2011/10/13 18:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/13 18:11:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/10/13 18:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/13 18:11:01 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/10 12:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/10/08 16:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\PCHealth
    [2011/10/07 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
    [2011/10/03 13:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EndNote
    [2011/09/28 13:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore

    ========== Files - Modified Within 30 Days ==========

    [2011/10/14 21:49:01 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    [2011/10/14 21:48:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/14 21:48:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/14 21:47:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/14 21:02:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003UA.job
    [2011/10/14 20:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/14 20:21:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
    [2011/10/14 20:20:01 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
    [2011/10/14 20:17:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
    [2011/10/14 11:02:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003Core.job
    [2011/10/14 10:56:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/10/14 10:56:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/10/14 10:31:10 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
    [2011/10/13 18:11:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/13 18:09:53 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
    [2011/10/13 12:03:34 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
    [2011/10/13 08:31:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/08 10:53:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
    [2011/10/03 13:39:20 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
    [2011/09/28 14:45:42 | 003,052,387 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
    [2011/09/28 13:41:43 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2011/09/28 13:35:19 | 000,327,348 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
    [2011/09/28 13:27:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/09/27 15:13:48 | 000,077,521 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
    [2011/09/15 16:38:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    ========== Files Created - No Company Name ==========

    [2011/10/13 21:30:47 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
    [2011/10/13 18:11:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/13 18:09:51 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
    [2011/10/08 10:53:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
    [2011/10/03 13:36:43 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R2D2- LIBRARY- ALL REFS 29Aug2011 Copy Copy Copy.enl
    [2011/09/29 13:27:14 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\R2D2- all.refs Note7, aug29.enl
    [2011/09/29 10:48:03 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
    [2011/09/28 14:45:42 | 003,052,387 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
    [2011/09/28 13:41:43 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/09/28 13:35:19 | 000,327,348 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
    [2011/09/27 15:13:48 | 000,077,521 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
    [2010/03/09 14:26:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2009/11/17 12:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2007/09/05 14:54:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\fusioncache.dat
    [2007/06/25 14:23:50 | 000,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2007/06/25 14:23:39 | 000,001,359 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
    [2007/06/25 14:19:34 | 000,093,585 | ---- | C] () -- C:\WINDOWS\hppins03.dat
    [2007/06/25 14:19:34 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
    [2007/06/25 11:08:57 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
    [2007/06/25 11:08:57 | 000,000,526 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
    [2007/06/23 11:15:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2007/06/23 11:10:16 | 000,093,474 | ---- | C] () -- C:\WINDOWS\hppins03.dat.temp
    [2007/06/23 11:10:16 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat.temp
    [2007/03/16 15:33:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
    [2006/12/02 11:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
    [2006/09/20 13:38:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
    [2006/09/20 13:38:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2006/08/28 14:04:31 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2006/08/28 14:04:31 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
    [2006/08/24 12:15:21 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/07/10 13:11:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/07/10 13:10:48 | 000,307,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/07/10 12:42:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/07/10 12:32:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/07/10 12:27:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 13:00:00 | 000,383,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 13:00:00 | 000,053,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2009/12/21 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
    [2010/03/09 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
    [2010/03/09 14:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
    [2011/10/03 13:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\EndNote
    [2007/11/28 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Leadertech
    [2010/09/20 13:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\MSNInstaller
    [2009/12/21 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Tatara Systems

    ========== Purity Check ==========



    < End of report >
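The artefacts that matter in the log above are the second Winlogon UserInit entry (O20, pointing into a randomly named Local Settings folder, file already gone), the three-byte hidden read-only system autorun.inf on the FAT32 drive F: (O32), and the exefile/comfile open commands (O35/O37, still the stock value here). The following is an added example, not code from this thread or from OTL itself: a small triage script that encodes those checks and runs them over OTL-style lines. The sample lines are constructed to mirror the posted log's format; the profile name, the interface GUID, the 203.0.113.7 resolver, the driver line and the exefile hijack pointing at a hypothetical abc.exe are invented for the example.

```python
"""Triage checks over OTL log lines. Added example, not OTL's own code: it
encodes what a responder checks in the sections quoted above: Winlogon Shell
and UserInit hijacks (O20), autorun.inf on removable media (O32), exefile and
comfile open-command hijacks (O35/O37), drivers registered with no file on
disk (DRV) and name servers outside RFC 1918 space (O17)."""
import ipaddress
import re
from collections import Counter
from typing import Dict, List

# Constructed sample in OTL's line format. Paths mirror the posted log; the
# profile name, interface GUID, 203.0.113.7 resolver and the exefile hijack
# (abc.exe) are invented for this example.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}: NameServer = 203.0.113.7
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\user\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\user\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/10 12:30:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/14 21:53:10 | 000,000,003 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\user\Local Settings\Application Data\xyz\abc.exe" "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
"""

O17_RE = re.compile(r"^O17 - .*?: (?:Dhcp)?NameServer = (?P<ips>[\d., ]+)$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>\w+) - \((?P<value>[^)]*)\) -(?P<rest>.*)$")
O32_RE = re.compile(r"^O32 - AutoRun File - \[(?P<meta>[^\]]*)\] \([^)]*\) - (?P<path>.*) -- \[ (?P<fs>[^\]]*) \]$")
O3X_RE = re.compile(r"^O3[57] - HKLM\\\.{2,3}(?P<name>\w+) \[[^\]]*\] -- (?P<cmd>.*)$")
DRV_MISSING_RE = re.compile(r"^DRV - File not found \[(?P<flags>[^\]]*)\] -- -- \((?P<name>[^)]*)\)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLEAN_OPEN_CMD = '"%1" %*'  # stock exefile/comfile shell\open\command value


def is_rfc1918(ip: str) -> bool:
    """True only for 10/8, 172.16/12 and 192.168/16 (not ipaddress.is_private, which
    also covers documentation ranges such as 203.0.113.0/24)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def _finding(check: str, severity: str, detail: str, line: str) -> Dict[str, str]:
    return {"check": check, "severity": severity, "detail": detail, "line": line}


def triage(log_text: str, system_root: str = r"C:\WINDOWS") -> List[Dict[str, str]]:
    """Return one finding per suspicious OTL line; clean lines produce nothing."""
    findings: List[Dict[str, str]] = []
    expected_userinit = (system_root + r"\system32\userinit.exe").lower()
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O20_RE.match(line)):
            key = m.group("key").lower()
            value = m.group("value").strip().rstrip(",")  # OTL lists each comma-separated entry on its own line
            if key == "shell" and value.lower() != "explorer.exe":
                findings.append(_finding("winlogon_shell", "high", "Shell is not explorer.exe: " + value, line))
            elif key == "userinit" and value.lower() != expected_userinit:
                state = "file missing" if "File not found" in m.group("rest") else "file present"
                findings.append(_finding("winlogon_userinit", "high", f"extra UserInit entry ({state}): {value}", line))
        elif (m := O32_RE.match(line)):
            _date, size, attrs, _flag = [p.strip() for p in m.group("meta").split("|")]
            path = m.group("path")
            if path.lower().endswith("\\autorun.inf"):
                hidden = any(c in attrs for c in "RHS")  # USB worms set R/H/S so Explorer hides the file
                findings.append(_finding("autorun_inf", "high" if hidden else "medium",
                                         f"{path}: {int(size.replace(',', ''))} bytes, attrs {attrs}, {m.group('fs')}", line))
        elif (m := O3X_RE.match(line)):
            if m.group("cmd").strip() != CLEAN_OPEN_CMD:
                findings.append(_finding("exe_association", "high",
                                         f"{m.group('name')} open command is hijacked: {m.group('cmd')}", line))
        elif (m := DRV_MISSING_RE.match(line)):
            findings.append(_finding("driver_missing_file", "medium",
                                     f"{m.group('name')} is registered but has no file on disk [{m.group('flags')}]", line))
        elif (m := O17_RE.match(line)):
            for ip in re.split(r"[,\s]+", m.group("ips").strip()):
                if ip and not is_rfc1918(ip):
                    findings.append(_finding("dns_server", "review",
                                             f"name server {ip} is outside RFC 1918 space; confirm it is the expected resolver", line))
    return findings


def counts_by_severity(findings: List[Dict[str, str]]) -> Dict[str, int]:
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['check']}: {f['detail']}")
    print(counts_by_severity(triage(SAMPLE_LOG)))
```

Run it against a saved log with triage(open(path).read()); a clean XP machine produces no findings for these five checks. The stock Userinit value is exactly %SystemRoot%\system32\userinit.exe, with a trailing comma, and winlogon runs every comma-separated entry at each interactive logon, which is why OTL prints one O20 line per entry and why the dangling entry is still reported (and still needs removing) after the executable itself has been deleted. The DNS check is deliberately "review" rather than "high": a resolver outside private space can be a legitimate ISP or public server, but a changed resolver is one of the standard causes of the search-redirect symptom described at the top of the thread.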
  17. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    You didn't run my fix.
    In reply #15 you simply copied and pasted my script.
    Re-read my instructions and redo.
  18. tatterjack

    tatterjack TS Rookie Topic Starter Posts: 75

    OTL Run Fix Output (really this time)

    Sorry Broni,

You are correct, I pasted your fix into reply 15. That was a mistake. I did in fact run the fix in the proper sequence and the output follows here. If you wish I will run the fix and the quick scan again, but I am sure this is the output from the fix.

    All processes killed
    ========== OTL ==========
    Service Micorsoft Windows Service stopped successfully!
    Service\Driver key Micorsoft Windows Service not found.
    Service vsdatant stopped successfully!
    Service vsdatant deleted successfully!
    C:\WINDOWS\system32\vsdatant.sys moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\LmlLhkfv deleted successfully.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\LmlLhkfv not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\ not found.
    File ircphate.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\ not found.
    File ircphate.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ not found.
    File F:\AUTORUN.EXE not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ea63c98-9676-11e0-909d-001372cae198}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ea63c98-9676-11e0-909d-001372cae198}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ea63c98-9676-11e0-909d-001372cae198}\ not found.
    File F:\AUTORUN.EXE not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26f52aa-d863-11df-9003-fc4e228586be}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26f52aa-d863-11df-9003-fc4e228586be}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26f52aa-d863-11df-9003-fc4e228586be}\ not found.
    File F:\AUTORUN.EXE not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ not found.
    File F:\AUTORUN.EXE not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ not found.
    File F:\AUTORUN.EXE not found.
    Folder move failed. C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi scheduled to be moved on reboot.
    C:\Documents and Settings\Russell Dobash\Application Data\Uxta folder moved successfully.
    C:\Documents and Settings\Russell Dobash\Application Data\Uqoxug folder moved successfully.
    C:\WINDOWS\003084_.tmp deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 12033894 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Russell Dobash
    ->Temp folder emptied: 419214783 bytes
    ->Temporary Internet Files folder emptied: 30899646 bytes
    ->Google Chrome cache emptied: 17237512 bytes
    ->Flash cache emptied: 1113721 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 119471360 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 11736 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 132837023 bytes

    Total Files Cleaned = 699.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Russell Dobash
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.29.1 log created on 10142011_214440

    Files\Folders moved on Reboot...
    Folder move failed. C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  19. Broni

    Broni Malware Annihilator Posts: 46,775   +254

Now I need a fresh log from OTL "Quick scan".
  20. tatterjack

    tatterjack TS Rookie Topic Starter Posts: 75

    Fresh log from OTL Quick Scan

    OTL logfile created on: 10/14/2011 11:31:29 PM - Run 3
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Russell Dobash\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.76% Memory free
    3.84 Gb Paging File | 3.30 Gb Available in Paging File | 86.04% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 148.92 Gb Total Space | 125.23 Gb Free Space | 84.09% Space Free | Partition Type: NTFS
    Drive F: | 1001.25 Mb Total Space | 945.46 Mb Free Space | 94.43% Space Free | Partition Type: FAT32

    Computer Name: UNIVERSI-2DDE3C | User Name: Russell Dobash | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/14 22:08:03 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
    PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/10/12 14:56:44 | 000,164,384 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsMap.exe
    PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/02/14 11:53:48 | 003,338,296 | ---- | M] (Freecom) -- C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
    PRC - [2005/11/21 15:55:16 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
    PRC - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    PRC - [2005/06/06 23:46:24 | 000,176,606 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    PRC - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2010/10/08 09:00:31 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_07258f3b\mscorlib.dll
    MOD - [2010/10/08 09:00:24 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_da50a229\system.drawing.dll
    MOD - [2010/10/06 18:14:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e27e83d9\system.xml.dll
    MOD - [2010/10/06 18:14:08 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ccf464b8\system.windows.forms.dll
    MOD - [2010/10/06 18:14:01 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2b2ee9d8\system.dll
    MOD - [2010/10/06 18:13:53 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
    MOD - [2010/10/06 18:13:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    MOD - [2009/11/17 12:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
    MOD - [2009/01/29 12:27:06 | 000,310,800 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saset.dll
    MOD - [2009/01/29 12:27:04 | 000,652,304 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sacore.dll
    MOD - [2009/01/29 12:27:02 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
    MOD - [2009/01/29 12:27:00 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
    MOD - [2009/01/29 12:26:58 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
    MOD - [2009/01/23 10:46:22 | 000,351,248 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
    MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
    MOD - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    MOD - [2009/01/23 10:46:14 | 000,056,336 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
    MOD - [2007/12/02 13:22:33 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
    MOD - [2007/12/02 13:22:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    MOD - [2007/12/02 13:22:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    MOD - [2007/12/02 13:22:30 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    MOD - [2007/12/02 13:22:30 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
    MOD - [2005/08/10 15:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
    MOD - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
    MOD - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
    MOD - [2003/10/08 11:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
    MOD - [2003/06/30 15:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
    MOD - [2002/10/03 11:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
    MOD - [2002/04/09 07:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
    DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2009/10/07 13:01:04 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2005/12/13 15:10:00 | 000,007,040 | ---- | M] (Freecom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gonzales.sys -- (Gonzales)
    DRV - [2005/11/28 21:55:46 | 000,012,160 | ---- | M] (Freecom) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Bonifay.sys -- (Bonifay)
    DRV - [2005/09/20 11:22:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
    DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
    DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 74 E1 15 8A 27 CC 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/10/07 13:30:31 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2011/09/13 14:27:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110402175609.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
    O4 - Startup: C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe (Freecom)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1243236794562 (MUWebControl Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C06FEDC-A9E2-4DCB-AAA4-435CE2FF8659}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF6EECDD-5905-4FCB-9358-4CEEAACF8E93}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/07/10 12:30:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/14 21:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2011/10/14 21:44:40 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/10/14 20:23:25 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
    [2011/10/14 18:58:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
    [2011/10/14 10:49:18 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
    [2011/10/13 21:35:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\My Documents\My Videos
    [2011/10/13 21:35:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Administrative Tools
    [2011/10/13 21:35:29 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
    [2011/10/13 18:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/13 18:11:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/10/13 18:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/13 18:11:01 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/10 12:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2011/10/08 16:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\PCHealth
    [2011/10/07 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
    [2011/10/03 13:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EndNote
    [2011/09/28 13:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore

    ========== Files - Modified Within 30 Days ==========

    [2011/10/14 23:02:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003UA.job
    [2011/10/14 22:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/14 22:08:03 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
    [2011/10/14 22:07:59 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
    [2011/10/14 22:04:59 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
    [2011/10/14 21:49:01 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    [2011/10/14 21:48:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/14 21:48:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/14 21:47:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/14 11:02:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003Core.job
    [2011/10/14 10:56:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/10/14 10:56:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/10/14 10:31:10 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
    [2011/10/13 18:11:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/13 18:09:53 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
    [2011/10/13 12:03:34 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
    [2011/10/13 08:31:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
    [2011/10/08 10:53:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
    [2011/10/03 13:39:20 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
    [2011/09/28 14:45:42 | 003,052,387 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
    [2011/09/28 13:41:43 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2011/09/28 13:35:19 | 000,327,348 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
    [2011/09/28 13:27:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/09/27 15:13:48 | 000,077,521 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
    [2011/09/15 16:38:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    ========== Files Created - No Company Name ==========

    [2011/10/13 21:30:47 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
    [2011/10/13 18:11:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/13 18:09:51 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
    [2011/10/08 10:53:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
    [2011/10/03 13:36:43 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R2D2- LIBRARY- ALL REFS 29Aug2011 Copy Copy Copy.enl
    [2011/09/29 13:27:14 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\R2D2- all.refs Note7, aug29.enl
    [2011/09/29 10:48:03 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
    [2011/09/28 14:45:42 | 003,052,387 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
    [2011/09/28 13:41:43 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2011/09/28 13:35:19 | 000,327,348 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
    [2011/09/27 15:13:48 | 000,077,521 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
    [2010/03/09 14:26:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2009/11/17 12:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2007/09/05 14:54:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\fusioncache.dat
    [2007/06/25 14:23:50 | 000,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
    [2007/06/25 14:23:39 | 000,001,359 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
    [2007/06/25 14:19:34 | 000,093,585 | ---- | C] () -- C:\WINDOWS\hppins03.dat
    [2007/06/25 14:19:34 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
    [2007/06/25 11:08:57 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
    [2007/06/25 11:08:57 | 000,000,526 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
    [2007/06/23 11:15:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
    [2007/06/23 11:10:16 | 000,093,474 | ---- | C] () -- C:\WINDOWS\hppins03.dat.temp
    [2007/06/23 11:10:16 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat.temp
    [2007/03/16 15:33:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
    [2006/12/02 11:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
    [2006/09/20 13:38:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
    [2006/09/20 13:38:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
    [2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
    [2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
    [2006/08/28 14:04:31 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
    [2006/08/28 14:04:31 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
    [2006/08/24 12:15:21 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/07/10 13:11:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/07/10 13:10:48 | 000,307,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/07/10 12:42:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/07/10 12:32:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/07/10 12:27:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 13:00:00 | 000,383,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 13:00:00 | 000,053,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2009/12/21 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
    [2010/03/09 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
    [2010/03/09 14:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
    [2011/10/03 13:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\EndNote
    [2007/11/28 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Leadertech
    [2010/09/20 13:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\MSNInstaller
    [2009/12/21 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Tatara Systems

    ========== Purity Check ==========



    < End of report >
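The O20 Winlogon lines, the attribute flags on the hosts file and the NoDriveTypeAutoRun value in the OTL log above are the entries an analyst reads first: every path listed in the Winlogon UserInit value runs at each interactive logon, so a second entry there is a persistence load point whether or not the file still exists. As an added example that is not part of the thread or of OTL itself, the following Python script scans those lines, compares the Winlogon Shell/UserInit values against the XP defaults, flags a hosts file carrying hidden or system attributes, and decodes the AutoRun bitmask. The sample lines are copied from the log above; the set of "expected" Winlogon values and the severity labels are my own choices.

```python
import re

# Sample input: lines copied from the OTL log posted above (post 20). The
# values are the log's own; only the selection and ordering are mine.
SAMPLE_OTL = r"""
O1 HOSTS File: ([2011/09/13 14:27:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
"""

# Windows XP defaults for the two Winlogon values OTL reports as O20 (the
# registry stores Shell as the bare name and Userinit with a trailing comma).
# Anything beyond these runs at every logon, so it is treated as a load point.
EXPECTED_WINLOGON = {
    "shell": {"explorer.exe", r"c:\windows\explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# NoDriveTypeAutoRun bitmask: a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = [
    (0x01, "unknown"), (0x02, "no root dir"), (0x04, "removable"),
    (0x08, "fixed"), (0x10, "network"), (0x20, "CD-ROM"),
    (0x40, "RAM disk"), (0x80, "reserved"),
]

O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\) -(?P<resolved>.*)$")
HOSTS_RE = re.compile(r"^O1 HOSTS File: \(\[[^|]*\|[^|]*\| (?P<attrs>[A-Z-]{4}) \| [A-Z]\]\) - (?P<path>.+)$")
AUTORUN_RE = re.compile(r"NoDriveTypeAutoRun = (?P<mask>\d+)")


def autorun_enabled_types(mask):
    """Drive types for which AutoRun is still enabled under this mask."""
    return [name for bit, name in DRIVE_TYPE_BITS if not mask & bit]


def triage_otl(log_text):
    """Return (severity, item, detail) tuples for the load points checked here."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O20_RE.match(line)
        if m:
            key = m.group("key").lower()
            value = m.group("value").strip().rstrip(",").lower()
            if value not in EXPECTED_WINLOGON[key]:
                orphaned = m.group("resolved").strip().endswith("File not found")
                state = "orphaned, file not found" if orphaned else "present on disk"
                findings.append(("high", f"Winlogon {m.group('key')}", f"{m.group('value')} ({state})"))
            continue
        m = HOSTS_RE.match(line)
        if m and set("HS") & set(m.group("attrs")):
            # A hosts file marked hidden and/or system is not a default state.
            findings.append(("medium", "hosts file attributes",
                             f"{m.group('attrs')} on {m.group('path')}"))
            continue
        m = AUTORUN_RE.search(line)
        if m:
            enabled = autorun_enabled_types(int(m.group("mask")))
            if "removable" in enabled or "CD-ROM" in enabled:
                findings.append(("medium", "NoDriveTypeAutoRun",
                                 f"{m.group('mask')} leaves AutoRun enabled for: {', '.join(enabled)}"))
    return findings


if __name__ == "__main__":
    for severity, item, detail in triage_otl(SAMPLE_OTL):
        print(f"[{severity}] {item}: {detail}")
```

Run against the posted lines it reports three things: the second UserInit value (lmllhkfv.exe, file not found) as a high-severity load point, the RHS- attributes on the hosts file, and that a mask of 145 (0x91) still allows AutoRun on removable and CD-ROM drives. An orphaned UserInit entry is still worth recording even though the file is gone, because it tells you which directory the dropper used.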
  21. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Delete your Combofix file, download a fresh one and see if it'll run now.
  22. tatterjack

    tatterjack TS Rookie Topic Starter Posts: 75

    combofix

    Copying it to the desktop from a USB stick still gets "Access Denied".
    IE now has an address bar. Pasting in the download URL and pressing Enter returns a blank page. Ditto with the TechSpot address. Clicking on the link in the email doesn't open IE.

    Creating an Internet shortcut on the desktop with the address creates a Chrome icon. Chrome doesn't open when I double click the icon. Changing the HTML file association to IE doesn't change the icon to an IE one and it still doesn't open anything when double clicked.

    The google search page still appears when IE is started but searches return a blank page. Sometimes search results appear but clicking on them produces "Internet Explorer cannot open the page"

    Typing an IP address does open the page, but navigation of the site is impossible, and using the whole URL with just the .......com replaced by the IP doesn't work.

    I can copy other things to the desktop. I'm mindful of your instruction not to rename combofix unless instructed so I haven't done that yet.
  23. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Let's run the following tool. This will help determine which files need permissions restored.

    Please download and save Junction.zip

    Unzip it and place Junction.exe in the Windows directory (C:\Windows).
    Go to Start>Run (Vista and Windows 7 users use "Start search" box).
    Copy and paste the following command in the Run box and click OK (Vista and Windows 7 users press "Enter"):

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system.
    Wait until a log file opens.
    Copy and paste the log in your next reply.
  24. tatterjack

    tatterjack TS Rookie Topic Starter Posts: 75

    Junction log

    Junction v1.06 - Windows junction creator and reparse point viewer
    Copyright (C) 2000-2010 Mark Russinovich
    Sysinternals - www.sysinternals.com


    Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ..
    Failed to open \\?\c:\\System Volume Information\MountPointManagerRemoteDatabase: Access is denied.


    .

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    ...

    No reparse points found.
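The junction step above looks for reparse points and, as a side effect, lists every path the recursive scan could not open. As an added example that is not part of the thread, the following Python script parses that output, separates the baseline failures (the kernel always holds pagefile.sys and hiberfil.sys open, and System Volume Information is ACLed to SYSTEM only on a default XP install) from failures that are candidates for permission repair, and collects any reparse-point entries. The first sample is built from the log posted above with the progress dots trimmed; the second is fully constructed, and its "path: JUNCTION" entry with Print Name / Substitute Name lines is the format junction.exe prints for a reparse point as I know it, not something shown on this page.

```python
import re

# Sample input built from the Junction log posted above: the two "Failed to
# open" lines and the closing line are verbatim, the progress dots are trimmed.
SAMPLE_JUNCTION_LOG = r"""
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
...
Failed to open \\?\c:\\System Volume Information\MountPointManagerRemoteDatabase: Access is denied.
...
No reparse points found.
"""

# Fully constructed second sample showing a positive result. The reparse-point
# entry format is assumed from junction.exe output (none appears in the posted
# log) and every path here is invented.
SAMPLE_WITH_JUNCTION = r"""
Failed to open \\?\c:\\Program Files\Example\locked.exe: Access is denied.
\\?\c:\\Documents and Settings\All Users\Application Data\Example: JUNCTION
   Print Name     : C:\WINDOWS\system32\config
   Substitute Name: C:\WINDOWS\system32\config
"""

# Paths a user-mode scan can never open on a live XP system; failures on them
# are baseline noise rather than evidence of stripped permissions.
BASELINE = ("pagefile.sys", "hiberfil.sys", "system volume information")

FAILED_RE = re.compile(r"^Failed to open (?P<path>.+?): (?P<reason>.+?)\.?$")
REPARSE_RE = re.compile(r"^(?P<path>\\\\\?\\.+): (?P<kind>[A-Z ]+)$")
TARGET_RE = re.compile(r"^\s*(?:Print Name|Substitute Name)\s*:\s*(?P<target>.*)$")


def normalize(path):
    # Drop the extended-length prefix junction.exe prints and the doubled
    # backslash produced by "junction -s c:\" so that paths compare cleanly.
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return path.replace("\\\\", "\\").lower()


def parse_junction_log(text):
    """Return (failures, reparse_points) parsed from junction -s output."""
    failures, reparse_points = [], []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            path = normalize(m.group("path"))
            failures.append({
                "path": path,
                "reason": m.group("reason"),
                "baseline": any(marker in path for marker in BASELINE),
            })
            continue
        m = REPARSE_RE.match(line)
        if m:
            reparse_points.append({"path": normalize(m.group("path")),
                                   "kind": m.group("kind").strip(), "targets": []})
            continue
        m = TARGET_RE.match(line)
        if m and reparse_points:
            reparse_points[-1]["targets"].append(m.group("target").strip())
    return failures, reparse_points


def needs_attention(failures):
    """Access failures outside the baseline: candidates for permission repair."""
    return [f for f in failures if not f["baseline"]]


if __name__ == "__main__":
    for sample in (SAMPLE_JUNCTION_LOG, SAMPLE_WITH_JUNCTION):
        fails, points = parse_junction_log(sample)
        print(f"{len(points)} reparse point(s); {len(needs_attention(fails))} "
              f"of {len(fails)} open failure(s) outside the baseline")
        for f in needs_attention(fails):
            print(f"  {f['path']}: {f['reason']}")
        for p in points:
            print(f"  {p['kind']} {p['path']} -> {p['targets']}")
```

On the posted log the script finds no reparse points and classifies both open failures as baseline, so this scan alone does not point at a file whose permissions need restoring; on a run where the "Access Denied" reproduces on a user-writable path, the non-baseline entries are the list to hand to a permissions tool. Junctions are worth the separate check because a reparse point placed over a tool's directory redirects every open to the target, which looks like a permission problem but is not fixed by an ACL change.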
  25. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Please download GrantPerms.zip and save it to your desktop.
    Unzip the file and, depending on the system, run GrantPerms.exe (32-bit system) or GrantPerms64.exe (64-bit system).
    Copy and paste the following in the edit box:

    Code:
    c:\\System Volume Information\MountPointManagerRemoteDatabase
    
    Click Unlock. When it is done click "OK".
    Click List Permissions and post the contents of the Perms.txt file that pops up.
    A copy of Perms.txt will be saved in the same directory the tool is run.

