Solved Google redirect, AV & IE damage

tatterjack

Posts: 75   +0
OS: XP Pro SP3
H/W: Dell Optiplex GX620
RAM: 2G

Symptoms:
=========

IE8 running very slowly and freezing
Clicking on a Google search result in IE 8 or Chrome redirects randomly, i.e. some work OK, others go to e.g. freeads.co.uk
Floppy light comes on sporadically (no floppy in drive)
Desktop icons don't appear
(Task Manager\Start Explorer brings them up immediately)
McAfee icon vanished from notification area
Sometimes all icons vanished from Notification area
Starting McAfee brings up blank window
Pdf file association set to Word
Opening Adobe Reader 8 gives errors:
"Invalid Plugin detected"
"ciceroUiWndframe: Acrord32.exe - application error"
then it closes

Some USB drives get files and folders added:
autorun.inf file
containing only 1 line "RMN" in bold
Recycler folder
S-1-5-.... folder
Many copies of randomly named exe's and cpl's with quill and inkwell icon
Copy of shortcut (1) etc appear and disappear

If not connected to Internet a "cannot connect box" regularly appears.

In Device Manager:
Cisco systems VPN Adapter is disabled
The following are not installed
SM Bus controller
Video controller
Video controller (VGA compatible)
(I can't tell if these occurred at the same time as the infection)

All system restore checkpoints older than today have vanished though they appear in the SR GUI.
If one is selected it goes through the process of restoring but when it reboots says it was unsuccessful.

Safemode appears to start loading but then reboots.

History:
========
I made attempts at fixing this myself and discovered a number of the offending modules and their load points, which I can list if necessary. Before I did, I took a DriveImage. At one point AVG deleted a large number of modules which prevented programs running, so I restored from the DriveImage. Hence the situation now is as if I had run nothing but the recommended programs.

6 steps
=======
1) McShield is still running though the GUI is blank, so I have not installed any other AV
2) MBAM log pasted below
3) GMER log pasted below, but I have no access to McAfee so cannot turn off real-time scanning and cannot end the mcshield process (access denied)
4) DDS runs and after some text starts a line of "###" After 5 minutes this line does not increase beyond 42 "#" (I may be 1 or 2 out). As above if McAfee is blocking scripting I cannot turn it off. After about 10 minutes I x'd out of it. No logs were produced as far as I can see.
5) Logs

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7939

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/13/2011 6:24:50 PM
mbam-log-2011-10-13 (18-24-50).txt

Scan type: Quick scan
Objects scanned: 159551
Time elapsed: 9 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XWWWVA1IXG8V0D5JNDMVGRPUU (Trojan.FakeAlert) -> Value: XWWWVA1IXG8V0D5JNDMVGRPUU -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LmlLhkfv (Trojan.Downloader.H) -> Value: LmlLhkfv -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LmlLhkfv (Trojan.Downloader.H) -> Value: LmlLhkfv -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4CVWUJ9F5Y6JUCUDSR (Trojan.SpyEyes) -> Value: 4CVWUJ9F5Y6JUCUDSR -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\syst63e.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\servi3e.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
c:\servi3e.bin\a7350d824c5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\russell dobash\local settings\application data\dgtvwkvi\lmllhkfv.exe (Trojan.Downloader.H) -> Delete on reboot.
c:\documents and settings\russell dobash\start menu\programs\startup\lmllhkfv.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\windows\system32\config\systemprofile\start menu\programs\startup\lmllhkfv.exe (Trojan.Downloader.H) -> Delete on reboot.
c:\documents and settings\russell dobash\local settings\Temp\5575.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\russell dobash\local settings\Temp\drggmmefohcljxih.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\documents and settings\russell dobash\local settings\Temp\wpbt0.dll (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\drggmmefohcljxih.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\syst63e.bin\55389fbad09f175 (Trojan.SpyEyes) -> Quarantined and deleted successfully.
c:\servi3e.bin\bdb02f65d09f175 (Trojan.SpyEyes) -> Quarantined and deleted successfully.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-13 21:32:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3160812AS rev.3.ADH
Running: jwcnqywc.exe; Driver: C:\DOCUME~1\RUSSEL~1\LOCALS~1\Temp\kwkiraod.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9EAF0F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9EAF120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9EAF176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9EAF0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9EAF0B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9EAF10A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9EAF14C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9EAF136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9EAF1A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9EAF18C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9EAF160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:136] 8A6550F9
Thread System [4:1408] 896E2B90

---- EOF - GMER 1.0.15 ----
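The USB symptoms listed in the post (an autorun.inf holding only "RMN", a RECYCLER folder, an S-1-5-... folder, randomly named .exe/.cpl files and "Copy of shortcut (1)" entries) are a recognisable pattern on removable media. The script below is an added example, not code from the thread or from any tool named in it: it walks the root of a drive and reports those indicators, using a constructed sample layout in a temporary directory so it runs offline. All names in it are made up for the example.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the symptom list above: an autorun.inf at the drive root,
# a RECYCLER folder with an S-1-5-... subfolder, randomly named .exe/.cpl files and
# "Copy of shortcut (n).lnk" files. They are heuristics: a legitimate drive can carry
# an autorun.inf or an oddly named executable, so a hit is a reason to look closer,
# not a verdict.
SID_DIR = re.compile(r"^S-1-5-[\d-]+$", re.IGNORECASE)
RANDOM_BIN = re.compile(r"^[a-z0-9]{6,}\.(exe|cpl)$", re.IGNORECASE)
SHORTCUT_COPY = re.compile(r"^Copy of shortcut(?: \(\d+\))?\.lnk$", re.IGNORECASE)


def scan_removable_root(root):
    """Return (indicator, path relative to root, detail) triples for artifacts found
    at the top level of a drive root, plus SID-named folders one level under RECYCLER."""
    root = Path(root)
    findings = []
    for entry in sorted(root.iterdir()):
        name = entry.name
        if entry.is_file():
            if name.lower() == "autorun.inf":
                # Keep the content: the post describes a file holding only "RMN".
                try:
                    detail = entry.read_text(errors="replace").strip()[:60]
                except OSError:
                    detail = "<unreadable>"
                findings.append(("autorun.inf", name, detail))
            elif RANDOM_BIN.match(name):
                findings.append(("random-named-binary", name, f"{entry.stat().st_size} bytes"))
            elif SHORTCUT_COPY.match(name):
                findings.append(("shortcut-copy", name, ""))
        elif entry.is_dir():
            if name.lower() == "recycler":
                findings.append(("recycler-dir", name, ""))
                for sub in sorted(entry.iterdir()):
                    if sub.is_dir() and SID_DIR.match(sub.name):
                        findings.append(("sid-dir", f"{name}/{sub.name}", ""))
            elif SID_DIR.match(name):
                findings.append(("sid-dir", name, ""))
    return findings


def build_sample_drive(base):
    """Lay out a constructed drive root with the artifacts the post describes
    (sample data, not a real capture) next to two harmless entries."""
    base = Path(base)
    (base / "autorun.inf").write_text("RMN")
    (base / "RECYCLER" / "S-1-5-21-1234567890-0123456789-1111111111-500").mkdir(parents=True)
    (base / "xkqwzrtp.exe").write_bytes(b"MZ")      # placeholder bytes, not a real binary
    (base / "hrtgbnvc.cpl").write_bytes(b"MZ")
    (base / "Copy of shortcut (1).lnk").write_bytes(b"L\x00\x00\x00")
    (base / "Holiday photos").mkdir()
    (base / "report.docx").write_bytes(b"PK")
    return base


def run_demo():
    """Build the sample drive in a temporary directory and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_drive(tmp)
        return scan_removable_root(tmp)


if __name__ == "__main__":
    for indicator, path, detail in run_demo():
        print(f"{indicator:22s} {path:55s} {detail}")
```

Point `scan_removable_root` at the root of a mounted removable drive to use it on real media; the sample layout exists only so the demo runs without one. The check deliberately stops at the drive root and the RECYCLER folder because that is where the post reports the files appearing; it does not inspect hidden/system attributes or file contents beyond autorun.inf.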
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================================

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller Report

Hi Broni,

Many thanks for your reply. I'm on UK time hence the delay.

Here is the TDSSKiller report


10:49:44.0656 2064 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
10:49:45.0843 2064 ============================================================
10:49:45.0843 2064 Current date / time: 2011/10/14 10:49:45.0843
10:49:45.0843 2064 SystemInfo:
10:49:45.0843 2064
10:49:45.0843 2064 OS Version: 5.1.2600 ServicePack: 3.0
10:49:45.0843 2064 Product type: Workstation
10:49:45.0843 2064 ComputerName: UNIVERSI-2DDE3C
10:49:45.0843 2064 UserName: Russell Dobash
10:49:45.0843 2064 Windows directory: C:\WINDOWS
10:49:45.0843 2064 System windows directory: C:\WINDOWS
10:49:45.0843 2064 Processor architecture: Intel x86
10:49:45.0843 2064 Number of processors: 2
10:49:45.0843 2064 Page size: 0x1000
10:49:45.0843 2064 Boot type: Normal boot
10:49:45.0843 2064 ============================================================
10:49:46.0343 2064 Initialize success
10:49:53.0093 0260 ============================================================
10:49:53.0093 0260 Scan started
10:49:53.0093 0260 Mode: Manual;
10:49:53.0093 0260 ============================================================
10:49:53.0484 0260 Abiosdsk - ok
10:49:53.0531 0260 abp480n5 - ok
10:49:53.0609 0260 ACPI (d8fb7d1c3f5bfa3f53fe9cc6367e9e99) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:49:53.0609 0260 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ACPI.sys. Real md5: d8fb7d1c3f5bfa3f53fe9cc6367e9e99, Fake md5: 8fd99680a539792a30e97944fdaecf17
10:49:53.0609 0260 ACPI ( Virus.Win32.Rloader.a ) - infected
10:49:53.0609 0260 ACPI - detected Virus.Win32.Rloader.a (0)
10:49:53.0671 0260 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
10:49:53.0671 0260 ACPIEC - ok
10:49:53.0703 0260 adpu160m - ok
10:49:53.0781 0260 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:49:53.0781 0260 aec - ok
10:49:53.0843 0260 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:49:53.0890 0260 AegisP - ok
10:49:53.0937 0260 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
10:49:54.0000 0260 AFD - ok
10:49:54.0015 0260 Aha154x - ok
10:49:54.0031 0260 aic78u2 - ok
10:49:54.0062 0260 aic78xx - ok
10:49:54.0140 0260 AliIde - ok
10:49:54.0171 0260 amsint - ok
10:49:54.0218 0260 asc - ok
10:49:54.0250 0260 asc3350p - ok
10:49:54.0281 0260 asc3550 - ok
10:49:54.0390 0260 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:49:54.0390 0260 AsyncMac - ok
10:49:54.0421 0260 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:49:54.0421 0260 atapi - ok
10:49:54.0437 0260 Atdisk - ok
10:49:54.0500 0260 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:49:54.0515 0260 Atmarpc - ok
10:49:54.0578 0260 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:49:54.0593 0260 audstub - ok
10:49:54.0656 0260 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
10:49:54.0734 0260 b57w2k - ok
10:49:54.0765 0260 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:49:54.0781 0260 Beep - ok
10:49:54.0828 0260 Bonifay (c0152e77307de863ebf6c728cf0a771d) C:\WINDOWS\system32\DRIVERS\Bonifay.sys
10:49:54.0890 0260 Bonifay - ok
10:49:54.0968 0260 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:49:54.0984 0260 cbidf2k - ok
10:49:54.0984 0260 cd20xrnt - ok
10:49:55.0062 0260 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:49:55.0062 0260 Cdaudio - ok
10:49:55.0109 0260 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:49:55.0109 0260 Cdfs - ok
10:49:55.0140 0260 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:49:55.0140 0260 Cdrom - ok
10:49:55.0203 0260 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
10:49:55.0203 0260 cfwids - ok
10:49:55.0218 0260 Changer - ok
10:49:55.0281 0260 CmdIde - ok
10:49:55.0343 0260 Cpqarray - ok
10:49:55.0390 0260 csmbrqkp - ok
10:49:55.0453 0260 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
10:49:55.0500 0260 CVirtA - ok
10:49:55.0578 0260 CVPNDRVA (c23025ac5ae45a105d63bd6e2408edd4) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
10:49:55.0640 0260 CVPNDRVA - ok
10:49:55.0656 0260 dac2w2k - ok
10:49:55.0687 0260 dac960nt - ok
10:49:55.0765 0260 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:49:55.0765 0260 Disk - ok
10:49:55.0843 0260 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:49:55.0859 0260 dmboot - ok
10:49:55.0875 0260 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:49:55.0906 0260 dmio - ok
10:49:55.0937 0260 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:49:55.0937 0260 dmload - ok
10:49:56.0000 0260 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:49:56.0000 0260 DMusic - ok
10:49:56.0046 0260 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
10:49:56.0109 0260 DNE - ok
10:49:56.0203 0260 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
10:49:56.0203 0260 Dot4 - ok
10:49:56.0250 0260 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
10:49:56.0312 0260 Dot4Print - ok
10:49:56.0343 0260 dpti2o - ok
10:49:56.0406 0260 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:49:56.0406 0260 drmkaud - ok
10:49:56.0484 0260 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
10:49:56.0531 0260 ElbyCDIO - ok
10:49:56.0593 0260 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:49:56.0609 0260 Fastfat - ok
10:49:56.0656 0260 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
10:49:56.0656 0260 Fdc - ok
10:49:56.0687 0260 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:49:56.0703 0260 Fips - ok
10:49:56.0718 0260 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
10:49:56.0718 0260 Flpydisk - ok
10:49:56.0781 0260 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:49:56.0781 0260 FltMgr - ok
10:49:56.0812 0260 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:49:56.0812 0260 Fs_Rec - ok
10:49:56.0828 0260 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:49:56.0843 0260 Ftdisk - ok
10:49:56.0875 0260 Gonzales (673d63add112dce1ea58a4e418eddb86) C:\WINDOWS\system32\DRIVERS\Gonzales.sys
10:49:56.0937 0260 Gonzales - ok
10:49:57.0000 0260 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:49:57.0015 0260 Gpc - ok
10:49:57.0109 0260 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:49:57.0109 0260 hidusb - ok
10:49:57.0156 0260 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys
10:49:57.0218 0260 HPFXBULK - ok
10:49:57.0234 0260 hpn - ok
10:49:57.0296 0260 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:49:57.0296 0260 HTTP - ok
10:49:57.0390 0260 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
10:49:57.0500 0260 hwdatacard - ok
10:49:57.0578 0260 i2omgmt - ok
10:49:57.0609 0260 i2omp - ok
10:49:57.0656 0260 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
10:49:57.0671 0260 i8042prt - ok
10:49:57.0734 0260 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:49:57.0750 0260 Imapi - ok
10:49:57.0781 0260 ini910u - ok
10:49:57.0812 0260 IntelIde - ok
10:49:57.0859 0260 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:49:57.0875 0260 intelppm - ok
10:49:57.0906 0260 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:49:57.0921 0260 Ip6Fw - ok
10:49:57.0968 0260 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:49:57.0984 0260 IpFilterDriver - ok
10:49:58.0046 0260 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:49:58.0062 0260 IpInIp - ok
10:49:58.0093 0260 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:49:58.0109 0260 IpNat - ok
10:49:58.0156 0260 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:49:58.0156 0260 IPSec - ok
10:49:58.0187 0260 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:49:58.0187 0260 IRENUM - ok
10:49:58.0250 0260 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:49:58.0250 0260 isapnp - ok
10:49:58.0281 0260 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:49:58.0296 0260 Kbdclass - ok
10:49:58.0312 0260 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:49:58.0312 0260 kbdhid - ok
10:49:58.0375 0260 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:49:58.0375 0260 kmixer - ok
10:49:58.0421 0260 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:49:58.0437 0260 KSecDD - ok
10:49:58.0468 0260 lbrtfdc - ok
10:49:58.0531 0260 MBAMSwissArmy - ok
10:49:58.0718 0260 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
10:49:58.0781 0260 mfeapfk - ok
10:49:58.0828 0260 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
10:49:58.0890 0260 mfeavfk - ok
10:49:58.0906 0260 mfeavfk01 - ok
10:49:58.0953 0260 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
10:49:59.0015 0260 mfebopk - ok
10:49:59.0093 0260 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
10:49:59.0171 0260 mfefirek - ok
10:49:59.0234 0260 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
10:49:59.0312 0260 mfehidk - ok
10:49:59.0359 0260 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
10:49:59.0421 0260 mfendisk - ok
10:49:59.0453 0260 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
10:49:59.0453 0260 mfendiskmp - ok
10:49:59.0484 0260 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
10:49:59.0546 0260 mferkdet - ok
10:49:59.0609 0260 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
10:49:59.0671 0260 mfetdi2k - ok
10:49:59.0781 0260 Micorsoft Windows Service - ok
10:49:59.0828 0260 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:49:59.0843 0260 mnmdd - ok
10:49:59.0906 0260 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:49:59.0906 0260 Modem - ok
10:49:59.0953 0260 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:49:59.0953 0260 Mouclass - ok
10:49:59.0984 0260 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:50:00.0000 0260 mouhid - ok
10:50:00.0031 0260 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:50:00.0031 0260 MountMgr - ok
10:50:00.0046 0260 mraid35x - ok
10:50:00.0078 0260 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:50:00.0109 0260 MRxDAV - ok
10:50:00.0140 0260 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:50:00.0281 0260 MRxSmb - ok
10:50:00.0343 0260 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:50:00.0359 0260 Msfs - ok
10:50:00.0406 0260 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:50:00.0421 0260 MSKSSRV - ok
10:50:00.0453 0260 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:50:00.0453 0260 MSPCLOCK - ok
10:50:00.0484 0260 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:50:00.0484 0260 MSPQM - ok
10:50:00.0546 0260 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:50:00.0546 0260 mssmbios - ok
10:50:00.0593 0260 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:50:00.0656 0260 Mup - ok
10:50:00.0718 0260 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:50:00.0718 0260 NDIS - ok
10:50:00.0765 0260 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:50:00.0812 0260 NdisTapi - ok
10:50:00.0875 0260 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:50:00.0890 0260 Ndisuio - ok
10:50:00.0906 0260 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:50:00.0921 0260 NdisWan - ok
10:50:00.0968 0260 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:50:01.0031 0260 NDProxy - ok
10:50:01.0078 0260 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:50:01.0093 0260 NetBIOS - ok
10:50:01.0125 0260 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:50:01.0125 0260 NetBT - ok
10:50:01.0218 0260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:50:01.0234 0260 Npfs - ok
10:50:01.0296 0260 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:50:01.0312 0260 Ntfs - ok
10:50:01.0375 0260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:50:01.0390 0260 Null - ok
10:50:01.0437 0260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:50:01.0437 0260 NwlnkFlt - ok
10:50:01.0484 0260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:50:01.0484 0260 NwlnkFwd - ok
10:50:01.0578 0260 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:50:01.0578 0260 Parport - ok
10:50:01.0609 0260 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:50:01.0625 0260 PartMgr - ok
10:50:01.0687 0260 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:50:01.0687 0260 ParVdm - ok
10:50:01.0718 0260 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:50:01.0718 0260 PCI - ok
10:50:01.0750 0260 PCIDump - ok
10:50:01.0796 0260 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:50:01.0812 0260 PCIIde - ok
10:50:01.0843 0260 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:50:01.0859 0260 Pcmcia - ok
10:50:01.0875 0260 PDCOMP - ok
10:50:01.0921 0260 PDFRAME - ok
10:50:01.0953 0260 PDRELI - ok
10:50:01.0984 0260 PDRFRAME - ok
10:50:02.0015 0260 perc2 - ok
10:50:02.0062 0260 perc2hib - ok
10:50:02.0156 0260 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:50:02.0171 0260 PptpMiniport - ok
10:50:02.0203 0260 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:50:02.0218 0260 PSched - ok
10:50:02.0296 0260 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:50:02.0312 0260 Ptilink - ok
10:50:02.0328 0260 ql1080 - ok
10:50:02.0359 0260 Ql10wnt - ok
10:50:02.0375 0260 ql12160 - ok
10:50:02.0406 0260 ql1240 - ok
10:50:02.0421 0260 ql1280 - ok
10:50:02.0468 0260 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:50:02.0500 0260 RasAcd - ok
10:50:02.0781 0260 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:50:02.0796 0260 Rasl2tp - ok
10:50:02.0828 0260 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:50:02.0843 0260 RasPppoe - ok
10:50:02.0875 0260 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:50:02.0875 0260 Raspti - ok
10:50:02.0906 0260 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:50:02.0921 0260 Rdbss - ok
10:50:02.0953 0260 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:50:02.0953 0260 RDPCDD - ok
10:50:02.0984 0260 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:50:02.0984 0260 rdpdr - ok
10:50:03.0062 0260 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:50:03.0187 0260 RDPWD - ok
10:50:03.0265 0260 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:50:03.0265 0260 redbook - ok
10:50:03.0375 0260 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
10:50:03.0437 0260 RT73 - ok
10:50:03.0546 0260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:50:03.0562 0260 Secdrv - ok
10:50:03.0640 0260 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
10:50:03.0640 0260 senfilt - ok
10:50:03.0687 0260 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
10:50:03.0703 0260 serenum - ok
10:50:03.0718 0260 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
10:50:03.0734 0260 Serial - ok
10:50:03.0750 0260 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:50:03.0765 0260 Sfloppy - ok
10:50:03.0812 0260 Simbad - ok
10:50:03.0859 0260 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
10:50:03.0875 0260 smwdm - ok
10:50:03.0890 0260 Sparrow - ok
10:50:03.0953 0260 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:50:03.0953 0260 splitter - ok
10:50:04.0015 0260 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:50:04.0015 0260 sr - ok
10:50:04.0078 0260 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:50:04.0156 0260 Srv - ok
10:50:04.0203 0260 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:50:04.0203 0260 swenum - ok
10:50:04.0234 0260 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:50:04.0234 0260 swmidi - ok
10:50:04.0281 0260 symc810 - ok
10:50:04.0328 0260 symc8xx - ok
10:50:04.0359 0260 sym_hi - ok
10:50:04.0390 0260 sym_u3 - ok
10:50:04.0453 0260 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:50:04.0453 0260 sysaudio - ok
10:50:04.0531 0260 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:50:04.0546 0260 Tcpip - ok
10:50:04.0578 0260 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:50:04.0593 0260 TDPIPE - ok
10:50:04.0625 0260 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:50:04.0640 0260 TDTCP - ok
10:50:04.0671 0260 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:50:04.0671 0260 TermDD - ok
10:50:04.0718 0260 TosIde - ok
10:50:04.0812 0260 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:50:04.0812 0260 Udfs - ok
10:50:04.0828 0260 ultra - ok
10:50:04.0906 0260 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:50:04.0921 0260 Update - ok
10:50:04.0984 0260 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:50:04.0984 0260 usbccgp - ok
10:50:05.0015 0260 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:50:05.0015 0260 usbehci - ok
10:50:05.0046 0260 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:50:05.0046 0260 usbhub - ok
10:50:05.0078 0260 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:50:05.0093 0260 usbprint - ok
10:50:05.0140 0260 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:50:05.0156 0260 USBSTOR - ok
10:50:05.0187 0260 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:50:05.0203 0260 usbuhci - ok
10:50:05.0250 0260 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\WINDOWS\system32\DRIVERS\VClone.sys
10:50:05.0375 0260 VClone - ok
10:50:05.0406 0260 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:50:05.0421 0260 VgaSave - ok
10:50:05.0453 0260 ViaIde - ok
10:50:05.0484 0260 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:50:05.0500 0260 VolSnap - ok
10:50:05.0546 0260 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
10:50:05.0609 0260 vsdatant - ok
10:50:05.0687 0260 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:50:05.0687 0260 Wanarp - ok
10:50:05.0718 0260 WDICA - ok
10:50:05.0765 0260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:50:05.0781 0260 wdmaud - ok
10:50:06.0015 0260 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:50:06.0125 0260 \Device\Harddisk0\DR0 - ok
10:50:06.0140 0260 Boot (0x1200) (e6b55c23be86f137bd054ea55b406768) \Device\Harddisk0\DR0\Partition0
10:50:06.0140 0260 \Device\Harddisk0\DR0\Partition0 - ok
10:50:06.0156 0260 ============================================================
10:50:06.0156 0260 Scan finished
10:50:06.0156 0260 ============================================================
10:50:06.0187 0808 Detected object count: 1
10:50:06.0187 0808 Actual detected object count: 1
10:51:04.0734 0808 Backup copy found, using it..
10:51:04.0765 0808 C:\WINDOWS\system32\DRIVERS\ACPI.sys - will be cured on reboot
10:51:04.0765 0808 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
10:51:18.0406 3980 Deinitialize success
 
2nd Tdsskiller report

Here it is:


18:09:03.0875 2644 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
18:09:04.0906 2644 ============================================================
18:09:04.0906 2644 Current date / time: 2011/10/14 18:09:04.0906
18:09:04.0906 2644 SystemInfo:
18:09:04.0906 2644
18:09:04.0906 2644 OS Version: 5.1.2600 ServicePack: 3.0
18:09:04.0906 2644 Product type: Workstation
18:09:04.0906 2644 ComputerName: UNIVERSI-2DDE3C
18:09:04.0906 2644 UserName: Russell Dobash
18:09:04.0906 2644 Windows directory: C:\WINDOWS
18:09:04.0906 2644 System windows directory: C:\WINDOWS
18:09:04.0906 2644 Processor architecture: Intel x86
18:09:04.0906 2644 Number of processors: 2
18:09:04.0906 2644 Page size: 0x1000
18:09:04.0906 2644 Boot type: Normal boot
18:09:04.0906 2644 ============================================================
18:09:05.0390 2644 Initialize success
18:09:08.0656 3312 ============================================================
18:09:08.0656 3312 Scan started
18:09:08.0656 3312 Mode: Manual;
18:09:08.0656 3312 ============================================================
18:09:27.0890 3312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:09:28.0375 3312 \Device\Harddisk0\DR0 - ok
18:09:28.0390 3312 Boot (0x1200) (e6b55c23be86f137bd054ea55b406768) \Device\Harddisk0\DR0\Partition0
18:09:28.0390 3312 \Device\Harddisk0\DR0\Partition0 - ok
18:09:28.0390 3312 ============================================================
18:09:28.0390 3312 Scan finished
18:09:28.0390 3312 ============================================================
18:09:28.0437 3032 Detected object count: 0
18:09:28.0437 3032 Actual detected object count: 0
18:09:36.0203 3904 Deinitialize success
 
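Confirming a cure from two TDSSKiller runs, as the thread does by eye (one object detected, then zero), can be scripted. The Python below is an added example, not part of the thread or of TDSSKiller: it parses the report line shapes quoted above and diffs a pre-cure and post-cure run, using constructed sample lines in that format with a placeholder hash for the first run's ACPI.sys.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Every TDSSKiller line starts with a timestamp and a thread id, e.g. "10:50:05.0078 0260 ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+"
# "usbprint (a717c872...) C:\WINDOWS\system32\DRIVERS\usbprint.sys"  -> driver, md5, path
ENTRY_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "MBR (0x1B8) (8f558eb6...) \Device\Harddisk0\DR0"                  -> sector, size, md5
SECTOR_RE = re.compile(PREFIX + r"(?P<what>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) "
                       r"\((?P<md5>[0-9a-f]{32})\) (?P<dev>.+)$")
# "ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure"       -> object, verdict, action
VERDICT_RE = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - User select action: "
                        r"(?P<action>\w+)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Report:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)     # name -> (md5, path)
    sectors: Dict[str, str] = field(default_factory=dict)                 # "MBR"/"Boot" -> md5
    detections: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (verdict, action)
    detected_count: Optional[int] = None


def parse_report(text: str) -> Report:
    """Extract the parts of a TDSSKiller report an analyst actually checks."""
    rep = Report()
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := SECTOR_RE.match(line):
            rep.sectors[m["what"]] = m["md5"]
        elif m := ENTRY_RE.match(line):
            rep.drivers[m["name"]] = (m["md5"], m["path"])
        elif m := VERDICT_RE.match(line):
            rep.detections[m["name"]] = (m["verdict"], m["action"])
        elif m := COUNT_RE.match(line):
            rep.detected_count = int(m["n"])
    return rep


def compare_runs(before: Report, after: Report) -> Dict[str, object]:
    """Did the cure take, and did anything else move between the two scans?"""
    common = before.drivers.keys() & after.drivers.keys()
    changed = {n: (before.drivers[n][0], after.drivers[n][0])
               for n in sorted(common) if before.drivers[n][0] != after.drivers[n][0]}
    return {
        "cured": sorted(n for n in before.detections if n not in after.detections),
        "still_detected": sorted(after.detections),
        "hash_changed": changed,          # expected: exactly the cured driver(s), nothing else
        "mbr_stable": before.sectors.get("MBR") == after.sectors.get("MBR"),
        "boot_stable": before.sectors.get("Boot") == after.sectors.get("Boot"),
        "clean": after.detected_count == 0,
    }


# Constructed sample input in the report format quoted in the thread. The first run's
# ACPI.sys hash is a placeholder ("deadbeef" * 4); the other hashes are the thread's own.
BEFORE = r"""
10:50:04.0000 0260 ACPI (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:50:05.0078 0260 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:50:05.0093 0260 usbprint - ok
10:50:06.0015 0260 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:50:06.0140 0260 Boot (0x1200) (e6b55c23be86f137bd054ea55b406768) \Device\Harddisk0\DR0\Partition0
10:50:06.0187 0808 Detected object count: 1
10:51:04.0765 0808 ACPI ( Virus.Win32.Rloader.a ) - User select action: Cure
"""

AFTER = r"""
18:09:09.0234 3312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:09:09.0234 3312 ACPI - ok
18:09:26.0953 3312 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:09:26.0953 3312 usbprint - ok
18:09:27.0890 3312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:09:28.0390 3312 Boot (0x1200) (e6b55c23be86f137bd054ea55b406768) \Device\Harddisk0\DR0\Partition0
18:09:28.0437 3032 Detected object count: 0
"""

if __name__ == "__main__":
    result = compare_runs(parse_report(BEFORE), parse_report(AFTER))
    for key, value in result.items():
        print(f"{key}: {value}")
```

A driver whose hash changed without being among the cured objects, or an MBR hash that moved between runs, is the signal to look again rather than declare the machine clean.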
Good :)

How is redirection?

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
aswMBR log/Combofix problem

Google behaviour:
=================

IE8 opens OK to google.co.uk home page but where the address bar should be is transparent. Typing in eg Cats in the search box and then enter or click Google Search produced a blank page with Cats in the Google toolbar search box, no results, "Done" in bottom left, and an unusual URL in the title bar.

Closed it with the red X and tried again this time got a list of results. Right clicking on one and clicking Open in New Tab produced no new tab, cursor remains a hand. Cannot red X out of it. Task Manager shows 4 iexplores. Ending the lowest process brought back the Google home page as before. This could be red X'd but left three iexplores in task manager.

Chrome doesn't open at all.

aswMBR
======
After clicking Yes to "Would you like to download latest Avast! virus definitions?"
got the message "Avast engine download error : 0"
clicked Scan and it continued. Report pasted below

combofix
========
Without reliable Internet access on the compromised machine I have been doing the downloads on another (Vista) machine and copying across via a USB stick. Sorry for not mentioning this. When I attempt to copy the downloaded combofix I get "Access Denied"

Without an address bar I can't even type or paste the URL in.

Also before I run it let me mention again that I have no access to the McAfee GUI.
In fact it now does not open at all so I cannot disable it.

I also ended the other iexplores via task manager and tried to copy combofix again with the same result.

Awaiting instructions

Thanks,

Graham.

aswMBR log
==========

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-14 18:58:32
-----------------------------
18:58:32.546 OS Version: Windows 5.1.2600 Service Pack 3
18:58:32.546 Number of processors: 2 586 0x407
18:58:32.546 ComputerName: UNIVERSI-2DDE3C UserName: Russell Dobash
18:58:32.953 Initialize success
18:58:50.953 AVAST engine download error: 0
19:01:05.296 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
19:01:05.312 Disk 0 Vendor: ST3160812AS 3.ADH Size: 152587MB BusType: 3
19:01:07.328 Disk 0 MBR read successfully
19:01:07.343 Disk 0 MBR scan
19:01:07.359 Disk 0 Windows XP default MBR code
19:01:07.390 Disk 0 scanning sectors +312480315
19:01:07.484 Disk 0 scanning C:\WINDOWS\system32\drivers
19:01:16.968 Service scanning
19:01:18.250 Modules scanning
19:01:35.046 Disk 0 trace - called modules:
19:01:35.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
19:01:35.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a572ab8]
19:01:35.125 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8a5cb030]
19:01:35.140 Scan finished successfully
19:02:02.437 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
19:02:02.468 The log file has been saved successfully to "F:\aswMBR.txt"
 
DDS 2nd attempt

DDS looks the same as last time, been running for 10 minutes, 42 "#" across the screen, not progressing any further, both CPU cores running at between 30 and 50%, Mcshield mostly.

Shall I kill it?
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL.txt

OTL logfile created on: 10/14/2011 8:25:09 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Russell Dobash\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.36% Memory free
3.84 Gb Paging File | 3.34 Gb Available in Paging File | 86.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.92 Gb Total Space | 126.98 Gb Free Space | 85.27% Space Free | Partition Type: NTFS
Drive F: | 1001.25 Mb Total Space | 958.48 Mb Free Space | 95.73% Space Free | Partition Type: FAT32

Computer Name: UNIVERSI-2DDE3C | User Name: Russell Dobash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/14 20:21:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/10/12 14:56:44 | 000,164,384 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsMap.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/14 11:53:48 | 003,338,296 | ---- | M] (Freecom) -- C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
PRC - [2005/11/21 15:55:16 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
PRC - [2005/06/06 23:46:24 | 000,176,606 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/08 09:00:31 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_07258f3b\mscorlib.dll
MOD - [2010/10/08 09:00:24 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_da50a229\system.drawing.dll
MOD - [2010/10/06 18:14:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e27e83d9\system.xml.dll
MOD - [2010/10/06 18:14:08 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ccf464b8\system.windows.forms.dll
MOD - [2010/10/06 18:14:01 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2b2ee9d8\system.dll
MOD - [2010/10/06 18:13:53 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/10/06 18:13:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2009/11/17 12:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009/01/29 12:27:06 | 000,310,800 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saset.dll
MOD - [2009/01/29 12:27:04 | 000,652,304 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sacore.dll
MOD - [2009/01/29 12:27:02 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/01/29 12:27:00 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/01/29 12:26:58 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2009/01/23 10:46:22 | 000,351,248 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
MOD - [2009/01/23 10:46:14 | 000,056,336 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
MOD - [2007/12/02 13:22:33 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2007/12/02 13:22:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/12/02 13:22:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/12/02 13:22:30 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/12/02 13:22:30 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2005/08/10 15:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
MOD - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
MOD - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
MOD - [2003/10/08 11:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
MOD - [2003/06/30 15:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
MOD - [2002/10/03 11:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
MOD - [2002/04/09 07:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/10/07 13:01:04 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/12/13 15:10:00 | 000,007,040 | ---- | M] (Freecom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gonzales.sys -- (Gonzales)
DRV - [2005/11/28 21:55:46 | 000,012,160 | ---- | M] (Freecom) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Bonifay.sys -- (Bonifay)
DRV - [2005/09/20 11:22:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 74 E1 15 8A 27 CC 01 [binary data]
IE - HKU\S-1-5-21-725345543-1482476501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/10/07 13:30:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/13 14:27:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110402175609.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-725345543-1482476501-839522115-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKU\.DEFAULT..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O4 - HKU\S-1-5-18..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe (Freecom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1243236794562 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C06FEDC-A9E2-4DCB-AAA4-435CE2FF8659}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF6EECDD-5905-4FCB-9358-4CEEAACF8E93}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/10 12:30:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/14 20:27:00 | 000,000,003 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\AutoRun\command - "" = ircphate.exe
O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\open\command - "" = ircphate.exe
O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell - "" = AutoRun
O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell - "" = AutoRun
O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell - "" = AutoRun
O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/14 20:23:25 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
[2011/10/14 18:58:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
[2011/10/14 18:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/10/14 10:49:18 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
[2011/10/13 21:35:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\My Documents\My Videos
[2011/10/13 21:35:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Administrative Tools
[2011/10/13 21:35:29 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
[2011/10/13 18:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/13 18:11:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/13 18:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/13 18:11:01 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/10 12:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/08 16:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\PCHealth
[2011/10/07 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
[2011/10/03 13:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EndNote
[2011/09/28 13:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uxta
[2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uqoxug
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/14 20:21:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
[2011/10/14 20:20:01 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
[2011/10/14 20:17:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
[2011/10/14 20:02:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003UA.job
[2011/10/14 19:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/14 18:08:15 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/14 18:07:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/14 18:07:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/14 18:07:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/14 11:02:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003Core.job
[2011/10/14 10:56:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 10:56:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/14 10:31:10 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
[2011/10/13 18:11:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 18:09:53 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
[2011/10/13 12:03:34 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
[2011/10/13 08:31:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/08 10:53:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
[2011/10/03 13:39:20 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
[2011/09/28 14:45:42 | 003,052,387 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
[2011/09/28 13:41:43 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/28 13:35:19 | 000,327,348 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
[2011/09/28 13:27:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/27 15:13:48 | 000,077,521 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
[2011/09/15 16:38:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/13 21:30:47 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
[2011/10/13 18:11:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 18:09:51 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
[2011/10/08 10:53:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
[2011/10/03 13:36:43 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R2D2- LIBRARY- ALL REFS 29Aug2011 Copy Copy Copy.enl
[2011/09/29 13:27:14 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\R2D2- all.refs Note7, aug29.enl
[2011/09/29 10:48:03 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
[2011/09/28 14:45:42 | 003,052,387 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
[2011/09/28 13:41:43 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/28 13:35:19 | 000,327,348 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
[2011/09/27 15:13:48 | 000,077,521 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
[2010/03/09 14:26:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/11/17 12:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/05 14:54:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\fusioncache.dat
[2007/06/25 14:23:50 | 000,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/06/25 14:23:39 | 000,001,359 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/06/25 14:19:34 | 000,093,585 | ---- | C] () -- C:\WINDOWS\hppins03.dat
[2007/06/25 14:19:34 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
[2007/06/25 11:08:57 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2007/06/25 11:08:57 | 000,000,526 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
[2007/06/23 11:15:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/06/23 11:10:16 | 000,093,474 | ---- | C] () -- C:\WINDOWS\hppins03.dat.temp
[2007/06/23 11:10:16 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat.temp
[2007/03/16 15:33:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2006/12/02 11:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/09/20 13:38:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2006/09/20 13:38:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/08/28 14:04:31 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006/08/28 14:04:31 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/08/24 12:15:21 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/10 13:11:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/10 13:10:48 | 000,307,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/10 12:42:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/10 12:32:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/10 12:27:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,383,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,053,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/12/21 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2010/03/09 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/03/09 14:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2011/10/05 17:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2011/10/03 13:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\EndNote
[2007/11/28 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Leadertech
[2010/09/20 13:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\MSNInstaller
[2009/12/21 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Tatara Systems
[2011/09/28 12:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Uqoxug
[2011/09/28 13:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Uxta

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/07/10 12:30:17 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/07/10 12:25:56 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006/07/10 12:30:17 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/07/10 12:30:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/07/10 12:30:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/17 11:22:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/10/14 18:07:00 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/10/14 10:51:18 | 000,047,452 | ---- | M] () -- C:\TDSSKiller.2.6.9.0_14.10.2011_10.49.44_log.txt
[2011/10/14 18:09:36 | 000,046,498 | ---- | M] () -- C:\TDSSKiller.2.6.9.0_14.10.2011_18.09.03_log.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/07/10 12:29:55 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/09/23 02:25:16 | 000,069,120 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp053.dll
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/07/25 14:06:19 | 000,001,746 | -H-- | M] () -- C:\Documents and Settings\Russell Dobash\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/07/10 13:10:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/07/10 13:10:00 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/07/10 13:10:00 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/06/17 11:31:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/07/10 12:34:03 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Russell Dobash\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/07/10 12:34:02 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/10/14 20:17:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
[2011/10/14 20:20:01 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
[2011/10/13 08:31:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/14 20:21:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
[2011/10/14 10:31:10 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/07/10 12:34:02 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Russell Dobash\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/10/14 19:09:18 | 000,540,672 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2008/04/14 01:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/14 01:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 15:01:49 | 000,201,147 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 18:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/14 01:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/04/02 19:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2007/04/02 19:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2007/04/02 19:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
extras.txt

OTL Extras logfile created on: 10/14/2011 8:25:09 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Russell Dobash\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.36% Memory free
3.84 Gb Paging File | 3.34 Gb Available in Paging File | 86.89% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.92 Gb Total Space | 126.98 Gb Free Space | 85.27% Space Free | Partition Type: NTFS
Drive F: | 1001.25 Mb Total Space | 958.48 Mb Free Space | 95.73% Space Free | Partition Type: FAT32

Computer Name: UNIVERSI-2DDE3C | User Name: Russell Dobash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\setup\HPZnet01.exe" = D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
"D:\setup\hppapd.exe" = D:\setup\hppapd.exe:*:Enabled:hppapd.exe
"D:\setup\hppnicifs01.exe" = D:\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe
"D:\setup\hpntwkexe.exe" = D:\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe
"D:\setup\hppSetBOD.exe" = D:\setup\hppSetBOD.exe:*:Enabled:hppsetbod.exe
"D:\setup\hppnac01.exe" = D:\setup\hppnac01.exe:*:Enabled:hppnac01.exe
"C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"D:\X86\IbisCont.exe" = D:\X86\IbisCont.exe:*:Enabled:BT Home Hub 3.0
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{049CAE8B-67B4-4C53-8B08-58331A41A4C0}" = hpzTLBXFX
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0BF9161F-67BB-4CB5-A6C4-04E74020CB9E}" = QSR N6
"{11A3D40A-6EF9-4E0E-BB34-E9F458C40601}" = hppIOFiles
"{15B25E12-3E5F-4C13-A637-9EC72A55491E}" = SPSS 15.0 for Windows
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E745BC8-4C2C-423D-8601-770BB3E9E023}" = hppusg2605
"{1F73D672-6175-4A1D-B3C1-420439D03D0F}" = Product_SF_Full_QFolder
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{38DFF723-C0B1-44AB-A927-62EDB033908F}" = Belkin 54g USB Network Adapter
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{414C803A-6115-4DB6-BD4E-FD81EA6BC71C}" = Product_SF_Min_QFolder
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{6441FECE-0E73-4326-81BF-68503E897820}" = CorePLS_Min_QFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69E6C13B-CF6B-47A6-B7A5-77FE82B2CB40}" = hppFonts
"{6B7E1C85-CAAB-42DD-9319-E785C2C19BB3}" = hppTLBXFX2605
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8C0118CC-F720-45FF-A4DA-44AD77B2E73C}" = CorePLS_Full_QFolder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9CD9AA8B-E6A4-4199-8DDD-43C6A57273C2}" = EndNote 8.0.1
"{9D08BA75-D917-43FD-A0C4-F81D27C61053}" = hppCLJ2605
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C53D0627-79E7-45A0-B37C-B92A7E40F122}" = hppManuals2605
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{EDAE4F43-833C-443B-8DB5-129F897DF3E8}" = hppWebRegMM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"EndNote" = EndNote
"Freecom Personal Media Suite_is1" = Freecom Personal Media Suite 2.24
"HP Color LaserJet 2605" = HP Color LaserJet 2605 Series 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"HPExtendedCapabilities" = HP Extended Capabilities 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSC" = McAfee AntiVirus Plus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"QSR NVivo 1.2 Demo" = QSR NVivo 1.2 Demo
"VirtualCloneDrive" = VirtualCloneDrive
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-725345543-1482476501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2011 6:59:12 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x71ad0fef.

Error - 10/9/2011 6:59:57 AM | Computer Name = UNIVERSI-2DDE3C | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 10/9/2011 7:02:56 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x71ad0fef.

Error - 10/9/2011 7:03:09 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x71ad0fe5.

Error - 10/9/2011 7:03:14 AM | Computer Name = UNIVERSI-2DDE3C | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 10/9/2011 7:03:19 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x71ad0fe5.

Error - 10/9/2011 7:22:10 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1000
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x71ad0000.

Error - 10/9/2011 7:22:32 AM | Computer Name = UNIVERSI-2DDE3C | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 10/9/2011 7:24:57 AM | Computer Name = UNIVERSI-2DDE3C | Source = Application Error | ID = 1004
Description = Faulting application lsass.exe, version 5.1.2600.5512, faulting module
unknown, version 0.0.0.0, fault address 0x71ad0000.

Error - 10/13/2011 12:48:43 PM | Computer Name = UNIVERSI-2DDE3C | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/14/2011 3:25:16 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/14/2011 3:25:48 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/14/2011 3:26:21 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/14/2011 3:26:56 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/14/2011 3:27:36 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/14/2011 3:28:26 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/14/2011 3:28:56 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/14/2011 3:29:31 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/14/2011 3:30:06 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 10/14/2011 3:31:21 PM | Computer Name = UNIVERSI-2DDE3C | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
    DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\.DEFAULT..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
    O4 - HKU\S-1-5-18..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
    O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\AutoRun\command - "" = ircphate.exe
    O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\open\command - "" = ircphate.exe
    O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell - "" = AutoRun
    O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell - "" = AutoRun
    O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell - "" = AutoRun
    O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
    O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
    O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
    [2011/10/07 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
    [2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uxta
    [2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uqoxug
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, then reboot the PC when it is done.
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
 
OTL Run Fix Output

:OTL
DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
DRV - [2007/11/14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
O4 - HKLM..\Run: [] File not found
O4 - HKU\.DEFAULT..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O4 - HKU\S-1-5-18..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\AutoRun\command - "" = ircphate.exe
O33 - MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\Shell\open\command - "" = ircphate.exe
O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell - "" = AutoRun
O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell - "" = AutoRun
O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell - "" = AutoRun
O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell - "" = AutoRun
O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
[2011/10/07 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
[2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uxta
[2011/09/26 15:00:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Application Data\Uqoxug
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


:Services

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" =-

:Files

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
 
OTL Quick Scan Output

OTL logfile created on: 10/14/2011 9:51:31 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Russell Dobash\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.82% Memory free
3.84 Gb Paging File | 3.38 Gb Available in Paging File | 88.11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.92 Gb Total Space | 127.02 Gb Free Space | 85.29% Space Free | Partition Type: NTFS
Drive F: | 1001.25 Mb Total Space | 948.82 Mb Free Space | 94.76% Space Free | Partition Type: FAT32

Computer Name: UNIVERSI-2DDE3C | User Name: Russell Dobash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/14 20:21:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/10/12 14:56:44 | 000,164,384 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsMap.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/14 11:53:48 | 003,338,296 | ---- | M] (Freecom) -- C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
PRC - [2005/11/21 15:55:16 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
PRC - [2005/06/06 23:46:24 | 000,176,606 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/08 09:00:31 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_07258f3b\mscorlib.dll
MOD - [2010/10/08 09:00:24 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_da50a229\system.drawing.dll
MOD - [2010/10/06 18:14:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e27e83d9\system.xml.dll
MOD - [2010/10/06 18:14:08 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ccf464b8\system.windows.forms.dll
MOD - [2010/10/06 18:14:01 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2b2ee9d8\system.dll
MOD - [2010/10/06 18:13:53 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/10/06 18:13:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2009/11/17 12:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009/01/29 12:27:06 | 000,310,800 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saset.dll
MOD - [2009/01/29 12:27:04 | 000,652,304 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sacore.dll
MOD - [2009/01/29 12:27:02 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/01/29 12:27:00 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/01/29 12:26:58 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2009/01/23 10:46:22 | 000,351,248 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
MOD - [2009/01/23 10:46:14 | 000,056,336 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
MOD - [2007/12/02 13:22:33 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2007/12/02 13:22:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/12/02 13:22:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/12/02 13:22:30 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/12/02 13:22:30 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2005/08/10 15:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
MOD - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
MOD - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
MOD - [2003/10/08 11:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
MOD - [2003/06/30 15:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
MOD - [2002/10/03 11:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
MOD - [2002/04/09 07:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/10/07 13:01:04 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/12/13 15:10:00 | 000,007,040 | ---- | M] (Freecom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gonzales.sys -- (Gonzales)
DRV - [2005/11/28 21:55:46 | 000,012,160 | ---- | M] (Freecom) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Bonifay.sys -- (Bonifay)
DRV - [2005/09/20 11:22:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 74 E1 15 8A 27 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/10/07 13:30:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/13 14:27:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110402175609.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe (Freecom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1243236794562 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C06FEDC-A9E2-4DCB-AAA4-435CE2FF8659}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF6EECDD-5905-4FCB-9358-4CEEAACF8E93}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/10 12:30:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/14 21:53:10 | 000,000,003 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/14 21:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/10/14 21:44:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/14 20:23:25 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
[2011/10/14 18:58:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
[2011/10/14 10:49:18 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
[2011/10/13 21:35:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\My Documents\My Videos
[2011/10/13 21:35:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Administrative Tools
[2011/10/13 21:35:29 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
[2011/10/13 18:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/13 18:11:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/13 18:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/13 18:11:01 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/10 12:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/08 16:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\PCHealth
[2011/10/07 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
[2011/10/03 13:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EndNote
[2011/09/28 13:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore

========== Files - Modified Within 30 Days ==========

[2011/10/14 21:49:01 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/14 21:48:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/14 21:48:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/14 21:47:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/14 21:02:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003UA.job
[2011/10/14 20:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/14 20:21:20 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
[2011/10/14 20:20:01 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
[2011/10/14 20:17:02 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
[2011/10/14 11:02:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003Core.job
[2011/10/14 10:56:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 10:56:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/14 10:31:10 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
[2011/10/13 18:11:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 18:09:53 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
[2011/10/13 12:03:34 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
[2011/10/13 08:31:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/08 10:53:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
[2011/10/03 13:39:20 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
[2011/09/28 14:45:42 | 003,052,387 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
[2011/09/28 13:41:43 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/28 13:35:19 | 000,327,348 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
[2011/09/28 13:27:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/27 15:13:48 | 000,077,521 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
[2011/09/15 16:38:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/10/13 21:30:47 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
[2011/10/13 18:11:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 18:09:51 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
[2011/10/08 10:53:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
[2011/10/03 13:36:43 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R2D2- LIBRARY- ALL REFS 29Aug2011 Copy Copy Copy.enl
[2011/09/29 13:27:14 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\R2D2- all.refs Note7, aug29.enl
[2011/09/29 10:48:03 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
[2011/09/28 14:45:42 | 003,052,387 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
[2011/09/28 13:41:43 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/28 13:35:19 | 000,327,348 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
[2011/09/27 15:13:48 | 000,077,521 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
[2010/03/09 14:26:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/11/17 12:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/05 14:54:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\fusioncache.dat
[2007/06/25 14:23:50 | 000,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/06/25 14:23:39 | 000,001,359 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/06/25 14:19:34 | 000,093,585 | ---- | C] () -- C:\WINDOWS\hppins03.dat
[2007/06/25 14:19:34 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
[2007/06/25 11:08:57 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2007/06/25 11:08:57 | 000,000,526 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
[2007/06/23 11:15:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/06/23 11:10:16 | 000,093,474 | ---- | C] () -- C:\WINDOWS\hppins03.dat.temp
[2007/06/23 11:10:16 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat.temp
[2007/03/16 15:33:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2006/12/02 11:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/09/20 13:38:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2006/09/20 13:38:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/08/28 14:04:31 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006/08/28 14:04:31 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/08/24 12:15:21 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/10 13:11:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/10 13:10:48 | 000,307,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/10 12:42:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/10 12:32:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/10 12:27:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,383,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,053,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/12/21 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2010/03/09 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/03/09 14:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2011/10/03 13:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\EndNote
[2007/11/28 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Leadertech
[2010/09/20 13:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\MSNInstaller
[2009/12/21 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Tatara Systems

========== Purity Check ==========



< End of report >
 
You didn't run my fix.
In reply #15 you simply copied and pasted my script.
Re-read my instructions and redo.
 
OTL Run Fix Output (really this time)

Sorry Broni,

You are correct; I pasted your fix into reply 15. That was a mistake. I did in fact run the fix in the proper sequence, and the output follows here. If you wish, I will run the fix and the quick scan again, but I am sure this is the output from the fix.

All processes killed
========== OTL ==========
Service Micorsoft Windows Service stopped successfully!
Service\Driver key Micorsoft Windows Service not found.
Service vsdatant stopped successfully!
Service vsdatant deleted successfully!
C:\WINDOWS\system32\vsdatant.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\LmlLhkfv deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\LmlLhkfv not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\ not found.
File ircphate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30fbe654-b42b-11df-8fcb-cfaf9c07fb7d}\ not found.
File ircphate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e338d8a-26b5-11df-8ec4-8183384e814c}\ not found.
File F:\AUTORUN.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ea63c98-9676-11e0-909d-001372cae198}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ea63c98-9676-11e0-909d-001372cae198}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ea63c98-9676-11e0-909d-001372cae198}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ea63c98-9676-11e0-909d-001372cae198}\ not found.
File F:\AUTORUN.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26f52aa-d863-11df-9003-fc4e228586be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26f52aa-d863-11df-9003-fc4e228586be}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26f52aa-d863-11df-9003-fc4e228586be}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26f52aa-d863-11df-9003-fc4e228586be}\ not found.
File F:\AUTORUN.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb6-ee4d-11de-8ead-a5f40cce57f4}\ not found.
File F:\AUTORUN.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d64d2fb7-ee4d-11de-8ead-a5f40cce57f4}\ not found.
File F:\AUTORUN.EXE not found.
Folder move failed. C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi scheduled to be moved on reboot.
C:\Documents and Settings\Russell Dobash\Application Data\Uxta folder moved successfully.
C:\Documents and Settings\Russell Dobash\Application Data\Uqoxug folder moved successfully.
C:\WINDOWS\003084_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 12033894 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Russell Dobash
->Temp folder emptied: 419214783 bytes
->Temporary Internet Files folder emptied: 30899646 bytes
->Google Chrome cache emptied: 17237512 bytes
->Flash cache emptied: 1113721 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119471360 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 11736 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 132837023 bytes

Total Files Cleaned = 699.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Russell Dobash
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10142011_214440

Files\Folders moved on Reboot...
Folder move failed. C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Fresh log from OTL Quick Scan

OTL logfile created on: 10/14/2011 11:31:29 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Russell Dobash\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.76% Memory free
3.84 Gb Paging File | 3.30 Gb Available in Paging File | 86.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.92 Gb Total Space | 125.23 Gb Free Space | 84.09% Space Free | Partition Type: NTFS
Drive F: | 1001.25 Mb Total Space | 945.46 Mb Free Space | 94.43% Space Free | Partition Type: FAT32

Computer Name: UNIVERSI-2DDE3C | User Name: Russell Dobash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/14 22:08:03 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/10/12 14:56:44 | 000,164,384 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsMap.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/14 11:53:48 | 003,338,296 | ---- | M] (Freecom) -- C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
PRC - [2005/11/21 15:55:16 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
PRC - [2005/06/06 23:46:24 | 000,176,606 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/08 09:00:31 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_07258f3b\mscorlib.dll
MOD - [2010/10/08 09:00:24 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_da50a229\system.drawing.dll
MOD - [2010/10/06 18:14:15 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e27e83d9\system.xml.dll
MOD - [2010/10/06 18:14:08 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ccf464b8\system.windows.forms.dll
MOD - [2010/10/06 18:14:01 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2b2ee9d8\system.dll
MOD - [2010/10/06 18:13:53 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2010/10/06 18:13:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2009/11/17 12:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009/01/29 12:27:06 | 000,310,800 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saset.dll
MOD - [2009/01/29 12:27:04 | 000,652,304 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sacore.dll
MOD - [2009/01/29 12:27:02 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/01/29 12:27:00 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/01/29 12:26:58 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2009/01/23 10:46:22 | 000,351,248 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
MOD - [2009/01/23 10:46:14 | 000,056,336 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
MOD - [2007/12/02 13:22:33 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2007/12/02 13:22:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/12/02 13:22:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/12/02 13:22:30 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/12/02 13:22:30 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2005/08/10 15:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
MOD - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
MOD - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
MOD - [2003/10/08 11:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
MOD - [2003/06/30 15:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
MOD - [2002/10/03 11:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
MOD - [2002/04/09 07:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/10/07 13:01:04 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/12/13 15:10:00 | 000,007,040 | ---- | M] (Freecom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gonzales.sys -- (Gonzales)
DRV - [2005/11/28 21:55:46 | 000,012,160 | ---- | M] (Freecom) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Bonifay.sys -- (Bonifay)
DRV - [2005/09/20 11:22:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 74 E1 15 8A 27 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/10/07 13:30:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/09/13 14:27:04 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110402175609.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe (Freecom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1243236794562 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C06FEDC-A9E2-4DCB-AAA4-435CE2FF8659}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF6EECDD-5905-4FCB-9358-4CEEAACF8E93}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/10 12:30:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/14 21:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/10/14 21:44:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/14 20:23:25 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
[2011/10/14 18:58:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
[2011/10/14 10:49:18 | 001,559,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
[2011/10/13 21:35:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\My Documents\My Videos
[2011/10/13 21:35:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Administrative Tools
[2011/10/13 21:35:29 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
[2011/10/13 18:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/13 18:11:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/13 18:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/13 18:11:01 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/10 12:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/08 16:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\PCHealth
[2011/10/07 15:11:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
[2011/10/03 13:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EndNote
[2011/09/28 13:41:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore

========== Files - Modified Within 30 Days ==========

[2011/10/14 23:02:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003UA.job
[2011/10/14 22:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/14 22:08:03 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
[2011/10/14 22:07:59 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
[2011/10/14 22:04:59 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Russell Dobash\Desktop\aswMBR.exe
[2011/10/14 21:49:01 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/14 21:48:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/14 21:48:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/14 21:47:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/14 11:02:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003Core.job
[2011/10/14 10:56:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 10:56:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/14 10:31:10 | 001,559,344 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
[2011/10/13 18:11:34 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 18:09:53 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
[2011/10/13 12:03:34 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\dds.scr
[2011/10/13 08:31:30 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Russell Dobash\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/08 10:53:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
[2011/10/03 13:39:20 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
[2011/09/28 14:45:42 | 003,052,387 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
[2011/09/28 13:41:43 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/28 13:35:19 | 000,327,348 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
[2011/09/28 13:27:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/27 15:13:48 | 000,077,521 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
[2011/09/15 16:38:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2011/10/13 21:30:47 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\jwcnqywc.exe
[2011/10/13 18:11:34 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 18:09:51 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
[2011/10/08 10:53:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
[2011/10/03 13:36:43 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R2D2- LIBRARY- ALL REFS 29Aug2011 Copy Copy Copy.enl
[2011/09/29 13:27:14 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\R2D2- all.refs Note7, aug29.enl
[2011/09/29 10:48:03 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
[2011/09/28 14:45:42 | 003,052,387 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
[2011/09/28 13:41:43 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/28 13:35:19 | 000,327,348 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
[2011/09/27 15:13:48 | 000,077,521 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
[2010/03/09 14:26:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/11/17 12:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/05 14:54:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\fusioncache.dat
[2007/06/25 14:23:50 | 000,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/06/25 14:23:39 | 000,001,359 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/06/25 14:19:34 | 000,093,585 | ---- | C] () -- C:\WINDOWS\hppins03.dat
[2007/06/25 14:19:34 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
[2007/06/25 11:08:57 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2007/06/25 11:08:57 | 000,000,526 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
[2007/06/23 11:15:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/06/23 11:10:16 | 000,093,474 | ---- | C] () -- C:\WINDOWS\hppins03.dat.temp
[2007/06/23 11:10:16 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat.temp
[2007/03/16 15:33:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2006/12/02 11:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/09/20 13:38:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2006/09/20 13:38:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/08/28 14:04:31 | 000,000,473 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006/08/28 14:04:31 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/08/24 12:15:21 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/10 13:11:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/10 13:10:48 | 000,307,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/10 12:42:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/10 12:32:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/10 12:27:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,383,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,053,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/12/21 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2010/03/09 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/03/09 14:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2011/10/03 13:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\EndNote
[2007/11/28 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Leadertech
[2010/09/20 13:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\MSNInstaller
[2009/12/21 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Tatara Systems

========== Purity Check ==========



< End of report >
 
combofix

Copying it to the desktop from USB stick still gets "Access Denied"
IE now has an address bar. Pasting in the download url and pressing enter returns a blank page. Ditto with the techspot address. Clicking on the link in the email doesn't open IE.

Creating an Internet shortcut on the desktop with the address creates a Chrome icon. Chrome doesn't open when I double click the icon. Changing the HTML file association to IE doesn't change the icon to an IE one and it still doesn't open anything when double clicked.

The google search page still appears when IE is started but searches return a blank page. Sometimes search results appear but clicking on them produces "Internet Explorer cannot open the page".

Typing an IP address does open the page but navigation of the site is impossible and using the whole URL with just the .......com replaced by the ip doesn't work.

I can copy other things to the desktop. I'm mindful of your instruction not to rename combofix unless instructed so I haven't done that yet.
 
Let's run the following tool. It will help determine which files need their permissions restored.

Please download and save Junction.zip

Unzip it and place Junction.exe in the Windows directory (C:\Windows).
Go to Start>Run (Vista and Windows 7 users use "Start search" box).
Copy and paste the following command in the Run box and click OK (Vista and Windows 7 users press "Enter"):

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system.
Wait until a log file opens.
Copy and paste the log in your next reply.
 
Junction log

Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

..
Failed to open \\?\c:\\System Volume Information\MountPointManagerRemoteDatabase: Access is denied.


.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

No reparse points found.
 
Please download GrantPerms.zip and save it to your desktop.
Unzip the file and, depending on the system, run GrantPerms.exe (32-bit system) or GrantPerms64.exe (64-bit system).
Copy and paste the following in the edit box:

Code:
c:\\System Volume Information\MountPointManagerRemoteDatabase

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.
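The step the helper takes between the two posts above (run Junction over the drive, pick out the paths it could not open because of "Access is denied", and paste those into GrantPerms) can be done programmatically. The script below is an added example and is not a tool from this thread, from Sysinternals or from the GrantPerms author. It embeds a constructed copy of the relevant lines of the Junction log posted above (the progress dots are dropped), separates "Access is denied" failures from files that are merely held open by another process (pagefile.sys is always in use by the kernel and needs no permission change), and prints the text to paste into the GrantPerms edit box. All function names are my own.

```python
import re
from typing import List, NamedTuple

# Constructed sample: the informative lines of the Junction log from the post
# above, with the rows of progress dots omitted.
SAMPLE_LOG = r"""
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
...
Failed to open \\?\c:\\System Volume Information\MountPointManagerRemoteDatabase: Access is denied.
...
No reparse points found.
"""

# "Failed to open <path>: <reason>."  The path ends at the first ": " because a
# Windows drive letter is followed by a backslash, never by a space.
FAILURE_RE = re.compile(r"^Failed to open (?P<path>.+?): (?P<reason>.+?)\.?$")

# Junction prints paths with the extended-length prefix; GrantPerms wants the
# path without it but otherwise verbatim (the doubled backslash after the drive
# letter is kept, exactly as in the helper's post).
EXTENDED_PREFIX = "\\\\?\\"


class Failure(NamedTuple):
    path: str
    reason: str


def strip_prefix(raw: str) -> str:
    """Remove the \\?\ extended-length prefix if present."""
    return raw[len(EXTENDED_PREFIX):] if raw.startswith(EXTENDED_PREFIX) else raw


def classify(reason: str) -> str:
    """Map Junction's failure text to what it means for the clean-up."""
    r = reason.lower()
    if "access is denied" in r:
        return "permissions"   # candidate for GrantPerms
    if "being used by another process" in r:
        return "in-use"        # expected for pagefile.sys and other open files
    return "other"


def parse_junction_log(text: str) -> List[Failure]:
    """Return every 'Failed to open' line as (path, reason)."""
    failures = []
    for line in text.splitlines():
        m = FAILURE_RE.match(line.strip())
        if m:
            failures.append(Failure(strip_prefix(m["path"]), m["reason"]))
    return failures


def reparse_points_found(text: str) -> bool:
    """True unless Junction explicitly reported that nothing was found."""
    return "No reparse points found." not in text


def grantperms_targets(text: str) -> List[str]:
    """Paths to paste into the GrantPerms edit box, one per line."""
    return [f.path for f in parse_junction_log(text)
            if classify(f.reason) == "permissions"]


if __name__ == "__main__":
    for f in parse_junction_log(SAMPLE_LOG):
        print(f"{classify(f.reason):12} {f.path}  ({f.reason})")
    print("reparse points found:", reparse_points_found(SAMPLE_LOG))
    print("GrantPerms input:")
    print("\n".join(grantperms_targets(SAMPLE_LOG)))
```

Run against the log above it reports one in-use file (pagefile.sys) and one access-denied path, and the GrantPerms input it prints is the same single line the helper asked to be pasted. On a real machine replace SAMPLE_LOG with the contents of the log.txt that the junction command opens.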
 