Solved Google redirect, AV & IE damage

Some good news :)

Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller Report

21:35:54.0015 3800 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
21:35:54.0046 3800 ============================================================
21:35:54.0046 3800 Current date / time: 2011/10/20 21:35:54.0046
21:35:54.0046 3800 SystemInfo:
21:35:54.0046 3800
21:35:54.0046 3800 OS Version: 5.1.2600 ServicePack: 3.0
21:35:54.0046 3800 Product type: Workstation
21:35:54.0046 3800 ComputerName: UNIVERSI-2DDE3C
21:35:54.0046 3800 UserName: Russell Dobash
21:35:54.0046 3800 Windows directory: C:\WINDOWS
21:35:54.0046 3800 System windows directory: C:\WINDOWS
21:35:54.0046 3800 Processor architecture: Intel x86
21:35:54.0046 3800 Number of processors: 2
21:35:54.0046 3800 Page size: 0x1000
21:35:54.0046 3800 Boot type: Normal boot
21:35:54.0046 3800 ============================================================
21:35:55.0546 3800 Initialize success
21:36:14.0656 3828 ============================================================
21:36:14.0656 3828 Scan started
21:36:14.0656 3828 Mode: Manual;
21:36:14.0656 3828 ============================================================
21:36:14.0828 3828 Abiosdsk - ok
21:36:14.0843 3828 abp480n5 - ok
21:36:14.0937 3828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:36:14.0953 3828 ACPI - ok
21:36:15.0000 3828 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:36:15.0000 3828 ACPIEC - ok
21:36:15.0015 3828 adpu160m - ok
21:36:15.0078 3828 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:36:15.0078 3828 aec - ok
21:36:15.0125 3828 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:36:15.0125 3828 AegisP - ok
21:36:15.0171 3828 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:36:15.0171 3828 AFD - ok
21:36:15.0187 3828 Aha154x - ok
21:36:15.0234 3828 aic78u2 - ok
21:36:15.0250 3828 aic78xx - ok
21:36:15.0328 3828 AliIde - ok
21:36:15.0359 3828 amsint - ok
21:36:15.0421 3828 asc - ok
21:36:15.0453 3828 asc3350p - ok
21:36:15.0484 3828 asc3550 - ok
21:36:15.0609 3828 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:36:15.0609 3828 AsyncMac - ok
21:36:15.0656 3828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:36:15.0671 3828 atapi - ok
21:36:15.0703 3828 Atdisk - ok
21:36:15.0796 3828 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:36:15.0796 3828 Atmarpc - ok
21:36:15.0906 3828 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:36:15.0906 3828 audstub - ok
21:36:15.0953 3828 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
21:36:15.0953 3828 b57w2k - ok
21:36:16.0062 3828 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:36:16.0062 3828 Beep - ok
21:36:16.0140 3828 Bonifay (c0152e77307de863ebf6c728cf0a771d) C:\WINDOWS\system32\DRIVERS\Bonifay.sys
21:36:16.0156 3828 Bonifay - ok
21:36:16.0187 3828 catchme - ok
21:36:16.0265 3828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:36:16.0265 3828 cbidf2k - ok
21:36:16.0312 3828 cd20xrnt - ok
21:36:16.0375 3828 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:36:16.0375 3828 Cdaudio - ok
21:36:16.0468 3828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:36:16.0468 3828 Cdfs - ok
21:36:16.0515 3828 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:36:16.0515 3828 Cdrom - ok
21:36:16.0593 3828 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
21:36:16.0593 3828 cfwids - ok
21:36:16.0656 3828 Changer - ok
21:36:16.0718 3828 CmdIde - ok
21:36:16.0828 3828 Cpqarray - ok
21:36:16.0921 3828 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
21:36:16.0921 3828 CVirtA - ok
21:36:17.0031 3828 CVPNDRVA (c23025ac5ae45a105d63bd6e2408edd4) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
21:36:17.0031 3828 CVPNDRVA - ok
21:36:17.0046 3828 dac2w2k - ok
21:36:17.0078 3828 dac960nt - ok
21:36:17.0218 3828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:36:17.0218 3828 Disk - ok
21:36:17.0343 3828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
21:36:17.0406 3828 dmboot - ok
21:36:17.0453 3828 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
21:36:17.0468 3828 dmio - ok
21:36:17.0500 3828 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:36:17.0500 3828 dmload - ok
21:36:17.0609 3828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:36:17.0609 3828 DMusic - ok
21:36:17.0687 3828 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
21:36:17.0687 3828 DNE - ok
21:36:17.0828 3828 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:36:17.0843 3828 Dot4 - ok
21:36:17.0890 3828 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
21:36:17.0890 3828 Dot4Print - ok
21:36:17.0953 3828 dpti2o - ok
21:36:18.0015 3828 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:36:18.0015 3828 drmkaud - ok
21:36:18.0140 3828 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
21:36:18.0140 3828 ElbyCDIO - ok
21:36:18.0250 3828 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:36:18.0250 3828 Fastfat - ok
21:36:18.0296 3828 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:36:18.0312 3828 Fdc - ok
21:36:18.0343 3828 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
21:36:18.0343 3828 Fips - ok
21:36:18.0359 3828 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:36:18.0359 3828 Flpydisk - ok
21:36:18.0390 3828 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:36:18.0406 3828 FltMgr - ok
21:36:18.0421 3828 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:36:18.0421 3828 Fs_Rec - ok
21:36:18.0453 3828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:36:18.0468 3828 Ftdisk - ok
21:36:18.0546 3828 Gonzales (673d63add112dce1ea58a4e418eddb86) C:\WINDOWS\system32\DRIVERS\Gonzales.sys
21:36:18.0546 3828 Gonzales - ok
21:36:18.0625 3828 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:36:18.0625 3828 Gpc - ok
21:36:18.0687 3828 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:36:18.0687 3828 hidusb - ok
21:36:18.0781 3828 HPFXBULK (e4e0b356a8756066cf89080d9da69f22) C:\WINDOWS\system32\drivers\hpfxbulk.sys
21:36:18.0781 3828 HPFXBULK - ok
21:36:18.0812 3828 hpn - ok
21:36:18.0906 3828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:36:18.0906 3828 HTTP - ok
21:36:19.0015 3828 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
21:36:19.0015 3828 hwdatacard - ok
21:36:19.0062 3828 i2omgmt - ok
21:36:19.0140 3828 i2omp - ok
21:36:19.0203 3828 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
21:36:19.0203 3828 i8042prt - ok
21:36:19.0234 3828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:36:19.0250 3828 Imapi - ok
21:36:19.0281 3828 ini910u - ok
21:36:19.0328 3828 IntelIde - ok
21:36:19.0406 3828 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:36:19.0406 3828 intelppm - ok
21:36:19.0453 3828 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:36:19.0468 3828 Ip6Fw - ok
21:36:19.0562 3828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:36:19.0562 3828 IpFilterDriver - ok
21:36:19.0609 3828 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:36:19.0609 3828 IpInIp - ok
21:36:19.0734 3828 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:36:19.0734 3828 IpNat - ok
21:36:19.0796 3828 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:36:19.0812 3828 IPSec - ok
21:36:19.0843 3828 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:36:19.0843 3828 IRENUM - ok
21:36:19.0890 3828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:36:19.0890 3828 isapnp - ok
21:36:19.0906 3828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:36:19.0921 3828 Kbdclass - ok
21:36:19.0968 3828 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:36:19.0968 3828 kbdhid - ok
21:36:20.0031 3828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:36:20.0031 3828 kmixer - ok
21:36:20.0062 3828 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:36:20.0062 3828 KSecDD - ok
21:36:20.0109 3828 lbrtfdc - ok
21:36:20.0171 3828 MBAMSwissArmy - ok
21:36:20.0375 3828 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
21:36:20.0375 3828 mfeapfk - ok
21:36:20.0453 3828 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
21:36:20.0468 3828 mfeavfk - ok
21:36:20.0468 3828 mfeavfk01 - ok
21:36:20.0500 3828 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
21:36:20.0500 3828 mfebopk - ok
21:36:20.0546 3828 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
21:36:20.0546 3828 mfefirek - ok
21:36:20.0609 3828 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
21:36:20.0625 3828 mfehidk - ok
21:36:20.0671 3828 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
21:36:20.0671 3828 mfendisk - ok
21:36:20.0687 3828 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
21:36:20.0687 3828 mfendiskmp - ok
21:36:20.0750 3828 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
21:36:20.0750 3828 mferkdet - ok
21:36:20.0843 3828 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
21:36:20.0843 3828 mfetdi2k - ok
21:36:20.0890 3828 Micorsoft Windows Service - ok
21:36:20.0937 3828 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:36:20.0937 3828 mnmdd - ok
21:36:21.0015 3828 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
21:36:21.0015 3828 Modem - ok
21:36:21.0046 3828 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:36:21.0046 3828 Mouclass - ok
21:36:21.0109 3828 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:36:21.0109 3828 mouhid - ok
21:36:21.0125 3828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:36:21.0125 3828 MountMgr - ok
21:36:21.0140 3828 mraid35x - ok
21:36:21.0171 3828 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:36:21.0187 3828 MRxDAV - ok
21:36:21.0250 3828 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:36:21.0296 3828 MRxSmb - ok
21:36:21.0343 3828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:36:21.0343 3828 Msfs - ok
21:36:21.0390 3828 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:36:21.0406 3828 MSKSSRV - ok
21:36:21.0468 3828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:36:21.0468 3828 MSPCLOCK - ok
21:36:21.0546 3828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:36:21.0546 3828 MSPQM - ok
21:36:21.0593 3828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:36:21.0593 3828 mssmbios - ok
21:36:21.0656 3828 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:36:21.0656 3828 Mup - ok
21:36:21.0765 3828 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:36:21.0765 3828 NDIS - ok
21:36:21.0843 3828 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:36:21.0843 3828 NdisTapi - ok
21:36:21.0921 3828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:36:21.0921 3828 Ndisuio - ok
21:36:21.0968 3828 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:36:21.0968 3828 NdisWan - ok
21:36:22.0015 3828 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:36:22.0015 3828 NDProxy - ok
21:36:22.0093 3828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:36:22.0093 3828 NetBIOS - ok
21:36:22.0187 3828 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:36:22.0187 3828 NetBT - ok
21:36:22.0312 3828 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:36:22.0312 3828 Npfs - ok
21:36:22.0359 3828 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:36:22.0390 3828 Ntfs - ok
21:36:22.0437 3828 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:36:22.0437 3828 Null - ok
21:36:22.0500 3828 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:36:22.0500 3828 NwlnkFlt - ok
21:36:22.0500 3828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:36:22.0515 3828 NwlnkFwd - ok
21:36:22.0593 3828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
21:36:22.0593 3828 Parport - ok
21:36:22.0625 3828 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:36:22.0625 3828 PartMgr - ok
21:36:22.0687 3828 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
21:36:22.0687 3828 ParVdm - ok
21:36:22.0703 3828 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
21:36:22.0703 3828 PCI - ok
21:36:22.0734 3828 PCIDump - ok
21:36:22.0781 3828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:36:22.0796 3828 PCIIde - ok
21:36:22.0843 3828 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:36:22.0843 3828 Pcmcia - ok
21:36:22.0859 3828 PDCOMP - ok
21:36:22.0953 3828 PDFRAME - ok
21:36:22.0984 3828 PDRELI - ok
21:36:23.0031 3828 PDRFRAME - ok
21:36:23.0109 3828 perc2 - ok
21:36:23.0156 3828 perc2hib - ok
21:36:23.0312 3828 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:36:23.0312 3828 PptpMiniport - ok
21:36:23.0359 3828 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:36:23.0359 3828 PSched - ok
21:36:23.0406 3828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:36:23.0406 3828 Ptilink - ok
21:36:23.0453 3828 ql1080 - ok
21:36:23.0500 3828 Ql10wnt - ok
21:36:23.0531 3828 ql12160 - ok
21:36:23.0578 3828 ql1240 - ok
21:36:23.0656 3828 ql1280 - ok
21:36:23.0703 3828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:36:23.0703 3828 RasAcd - ok
21:36:23.0765 3828 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:36:23.0765 3828 Rasl2tp - ok
21:36:23.0828 3828 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:36:23.0828 3828 RasPppoe - ok
21:36:23.0906 3828 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:36:23.0906 3828 Raspti - ok
21:36:23.0953 3828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:36:23.0953 3828 Rdbss - ok
21:36:24.0000 3828 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:36:24.0000 3828 RDPCDD - ok
21:36:24.0062 3828 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:36:24.0062 3828 rdpdr - ok
21:36:24.0125 3828 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:36:24.0125 3828 RDPWD - ok
21:36:24.0187 3828 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:36:24.0187 3828 redbook - ok
21:36:24.0312 3828 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
21:36:24.0328 3828 RT73 - ok
21:36:24.0453 3828 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:36:24.0453 3828 Secdrv - ok
21:36:24.0531 3828 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
21:36:24.0531 3828 senfilt - ok
21:36:24.0578 3828 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:36:24.0578 3828 serenum - ok
21:36:24.0609 3828 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
21:36:24.0609 3828 Serial - ok
21:36:24.0687 3828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:36:24.0687 3828 Sfloppy - ok
21:36:24.0734 3828 Simbad - ok
21:36:24.0812 3828 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
21:36:24.0812 3828 smwdm - ok
21:36:24.0843 3828 Sparrow - ok
21:36:24.0937 3828 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:36:24.0937 3828 splitter - ok
21:36:25.0000 3828 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
21:36:25.0000 3828 sr - ok
21:36:25.0062 3828 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:36:25.0078 3828 Srv - ok
21:36:25.0109 3828 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:36:25.0109 3828 swenum - ok
21:36:25.0171 3828 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:36:25.0187 3828 swmidi - ok
21:36:25.0250 3828 symc810 - ok
21:36:25.0328 3828 symc8xx - ok
21:36:25.0359 3828 sym_hi - ok
21:36:25.0390 3828 sym_u3 - ok
21:36:25.0453 3828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:36:25.0453 3828 sysaudio - ok
21:36:25.0546 3828 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:36:25.0546 3828 Tcpip - ok
21:36:25.0593 3828 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:36:25.0593 3828 TDPIPE - ok
21:36:25.0640 3828 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:36:25.0640 3828 TDTCP - ok
21:36:25.0687 3828 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:36:25.0687 3828 TermDD - ok
21:36:25.0734 3828 TosIde - ok
21:36:25.0796 3828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:36:25.0796 3828 Udfs - ok
21:36:25.0812 3828 ultra - ok
21:36:25.0875 3828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:36:25.0890 3828 Update - ok
21:36:25.0968 3828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:36:25.0968 3828 usbccgp - ok
21:36:26.0015 3828 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:36:26.0015 3828 usbehci - ok
21:36:26.0046 3828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:36:26.0046 3828 usbhub - ok
21:36:26.0093 3828 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:36:26.0093 3828 usbprint - ok
21:36:26.0156 3828 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:36:26.0156 3828 USBSTOR - ok
21:36:26.0187 3828 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:36:26.0187 3828 usbuhci - ok
21:36:26.0265 3828 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\WINDOWS\system32\DRIVERS\VClone.sys
21:36:26.0265 3828 VClone - ok
21:36:26.0296 3828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:36:26.0312 3828 VgaSave - ok
21:36:26.0359 3828 ViaIde - ok
21:36:26.0421 3828 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
21:36:26.0421 3828 VolSnap - ok
21:36:26.0500 3828 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:36:26.0500 3828 Wanarp - ok
21:36:26.0531 3828 WDICA - ok
21:36:26.0625 3828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:36:26.0625 3828 wdmaud - ok
21:36:26.0859 3828 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:36:26.0984 3828 \Device\Harddisk0\DR0 - ok
21:36:27.0000 3828 MBR (0x1B8) (fa5336aed3a1e2e264422e4ab865ae7b) \Device\Harddisk1\DR3
21:36:30.0234 3828 \Device\Harddisk1\DR3 - ok
21:36:30.0250 3828 Boot (0x1200) (e6b55c23be86f137bd054ea55b406768) \Device\Harddisk0\DR0\Partition0
21:36:30.0250 3828 \Device\Harddisk0\DR0\Partition0 - ok
21:36:30.0250 3828 ============================================================
21:36:30.0250 3828 Scan finished
21:36:30.0250 3828 ============================================================
21:36:30.0296 3820 Detected object count: 0
21:36:30.0296 3820 Actual detected object count: 0
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Bootkit Remover

I may have screwed this one up.

When I did the ctrl+v into notepad I got the output from TDSSKiller again. I went back to the window, selected all again and this time when I did ctrl+c the window closed. I'm afraid I can't remember the contents.
 
Same thing. This time I took a screenshot. I can type the whole thing if you need it but I imagine the important bit is under MBR status where it says:

OK (DOS/Win32 Boot code found)
 
Fresh Combofix Log

ComboFix 11-10-18.04 - Russell Dobash 10/20/2011 22:22:56.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1658 [GMT 1:00]
Running from: c:\documents and settings\Russell Dobash\Desktop\ComboFix.exe
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\lmllhkfv.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))
.
.
2011-10-18 20:59 . 2011-10-20 21:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\dgtvwkvi
2011-10-15 15:50 . 2010-09-07 14:39 150392 ----a-w- c:\windows\junction.exe
2011-10-14 20:44 . 2011-10-14 20:44 -------- d-----w- C:\_OTL
2011-10-13 17:11 . 2011-10-13 17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-13 17:11 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-08 15:26 . 2011-10-08 15:26 -------- d-----w- c:\documents and settings\Russell Dobash\Local Settings\Application Data\PCHealth
2011-09-26 10:41 . 2011-09-26 10:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-14 09:51 . 2004-08-04 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-10-07 14:24 . 2011-08-25 08:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 10:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-20_02.23.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2011-09-26 10:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2011-10-20 21:33 . 2011-10-20 21:33 114035 c:\windows\Temp\drggmmefohcljxih.exe
- 2011-10-20 02:22 . 2011-10-20 02:22 114035 c:\windows\Temp\drggmmefohcljxih.exe
+ 2004-08-04 12:00 . 2011-09-26 10:41 220160 c:\windows\system32\dllcache\oleacc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2011-10-15 1404928]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LmlLhkfv"="c:\documents and settings\LocalService\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe" [2011-10-20 114035]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
lmllhkfv.exe [2011-10-20 114035]
.
c:\documents and settings\Russell Dobash\Start Menu\Programs\Startup\
Freecom Personal Media Suite.lnk - c:\program files\Freecom Personal Media Suite\FCPMS.exe [2006-9-14 3338296]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2011-4-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\documents and settings\LocalService\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe"
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/2/2011 5:56 PM 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/19/2010 3:05 PM 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/2/2011 5:55 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/2/2011 5:55 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/2/2011 5:56 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/2/2011 5:56 PM 141792]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [9/14/2006 3:23 PM 12160]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/2/2011 5:56 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/2/2011 5:56 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/2/2011 5:56 PM 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 12:55 PM 135664]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [9/14/2006 3:23 PM 7040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 12:55 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/2/2011 5:56 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/2/2011 5:56 PM 84264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 11:55]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 11:55]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003Core.job
- c:\documents and settings\Russell Dobash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-04 14:41]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003UA.job
- c:\documents and settings\Russell Dobash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-04 14:41]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 22:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3416)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe
c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-10-20 22:41:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-20 21:40
ComboFix2.txt 2011-10-20 02:30
ComboFix3.txt 2011-10-19 03:27
.
Pre-Run: 132,850,835,456 bytes free
Post-Run: 132,845,301,760 bytes free
.
- - End Of File - - 05ACD1B4F82672686210454D61E8D2CA
 
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\Temp\drggmmefohcljxih.exe
c:\documents and settings\LocalService\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe


Folder::
c:\documents and settings\LocalService\Local Settings\Application Data\dgtvwkvi


Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LmlLhkfv"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
cfscript output

ComboFix 11-10-18.04 - Russell Dobash 10/20/2011 22:53:11.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1623 [GMT 1:00]
Running from: c:\documents and settings\Russell Dobash\Desktop\ComboFix.exe
Command switches used :: F:\cfscript.txt
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
FILE ::
"c:\documents and settings\LocalService\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe"
"c:\windows\Temp\drggmmefohcljxih.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Local Settings\Application Data\dgtvwkvi
c:\documents and settings\LocalService\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))
.
.
2011-10-15 15:50 . 2010-09-07 14:39 150392 ----a-w- c:\windows\junction.exe
2011-10-14 20:44 . 2011-10-14 20:44 -------- d-----w- C:\_OTL
2011-10-13 17:11 . 2011-10-13 17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-13 17:11 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-08 15:26 . 2011-10-08 15:26 -------- d-----w- c:\documents and settings\Russell Dobash\Local Settings\Application Data\PCHealth
2011-09-26 10:41 . 2011-09-26 10:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-14 09:51 . 2004-08-04 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-10-07 14:24 . 2011-08-25 08:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 10:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-20_02.23.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2011-09-26 10:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2004-08-04 12:00 . 2011-09-26 10:41 220160 c:\windows\system32\dllcache\oleacc.dll
+ 2011-10-20 21:33 . 2011-10-20 21:35 114035 c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\lmllhkfv.exe
- 2011-10-18 20:59 . 2011-10-20 02:22 114035 c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\lmllhkfv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2011-10-15 1404928]
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
lmllhkfv.exe [2011-10-20 114035]
.
c:\documents and settings\Russell Dobash\Start Menu\Programs\Startup\
Freecom Personal Media Suite.lnk - c:\program files\Freecom Personal Media Suite\FCPMS.exe [2006-9-14 3338296]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2011-4-3 6144]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/2/2011 5:56 PM 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/19/2010 3:05 PM 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/2/2011 5:55 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/2/2011 5:55 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/2/2011 5:56 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/2/2011 5:56 PM 141792]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [9/14/2006 3:23 PM 12160]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/2/2011 5:56 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/2/2011 5:56 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/2/2011 5:56 PM 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 12:55 PM 135664]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [9/14/2006 3:23 PM 7040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 12:55 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/2/2011 5:56 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/2/2011 5:56 PM 84264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 11:55]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 11:55]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003Core.job
- c:\documents and settings\Russell Dobash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-04 14:41]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003UA.job
- c:\documents and settings\Russell Dobash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-04 14:41]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 23:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-10-20 23:01:55
ComboFix-quarantined-files.txt 2011-10-20 22:01
ComboFix2.txt 2011-10-20 21:41
ComboFix3.txt 2011-10-20 02:30
ComboFix4.txt 2011-10-19 03:27
.
Pre-Run: 132,852,523,008 bytes free
Post-Run: 132,835,389,440 bytes free
.
- - End Of File - - 064795802EFC658AF04BD8570B3090F8
 
Looks much better :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box
  • Click OK
Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\lmllhkfv.exe


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
combofix.txt

ComboFix 11-10-18.04 - Russell Dobash 10/20/2011 23:19:20.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1478 [GMT 1:00]
Running from: c:\documents and settings\Russell Dobash\Desktop\ComboFix.exe
Command switches used :: F:\cfscript.txt
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
.
FILE ::
"c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\lmllhkfv.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\lmllhkfv.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-20 to 2011-10-20 )))))))))))))))))))))))))))))))
.
.
2011-10-15 15:50 . 2010-09-07 14:39 150392 ----a-w- c:\windows\junction.exe
2011-10-14 20:44 . 2011-10-14 20:44 -------- d-----w- C:\_OTL
2011-10-13 17:11 . 2011-10-13 17:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-13 17:11 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-08 15:26 . 2011-10-08 15:26 -------- d-----w- c:\documents and settings\Russell Dobash\Local Settings\Application Data\PCHealth
2011-09-26 10:41 . 2011-09-26 10:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-14 09:51 . 2004-08-04 12:00 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-10-07 14:24 . 2011-08-25 08:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 10:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2011-10-20_02.23.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 12:00 . 2011-09-26 10:41 20480 c:\windows\system32\dllcache\oleaccrc.dll
+ 2004-08-04 12:00 . 2011-09-26 10:41 220160 c:\windows\system32\dllcache\oleacc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2005-11-21 45056]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2011-10-15 1404928]
.
c:\documents and settings\Russell Dobash\Start Menu\Programs\Startup\
Freecom Personal Media Suite.lnk - c:\program files\Freecom Personal Media Suite\FCPMS.exe [2006-9-14 3338296]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2011-4-3 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\WinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.exe"=
"c:\\Program Files\\SPSSInc\\PASWStatistics18\\paswstat.com"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/2/2011 5:56 PM 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/19/2010 3:05 PM 203280]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/2/2011 5:55 PM 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/2/2011 5:55 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/2/2011 5:56 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [4/2/2011 5:56 PM 141792]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [9/14/2006 3:23 PM 12160]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/2/2011 5:56 PM 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/2/2011 5:56 PM 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/2/2011 5:56 PM 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 12:55 PM 135664]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [9/14/2006 3:23 PM 7040]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 12:55 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/2/2011 5:56 PM 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/2/2011 5:56 PM 84264]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 11:55]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 11:55]
.
2011-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003Core.job
- c:\documents and settings\Russell Dobash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-04 14:41]
.
2011-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003UA.job
- c:\documents and settings\Russell Dobash\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-04 14:41]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-20 23:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-10-20 23:25:44
ComboFix-quarantined-files.txt 2011-10-20 22:25
ComboFix2.txt 2011-10-20 22:01
ComboFix3.txt 2011-10-20 21:41
ComboFix4.txt 2011-10-20 02:30
ComboFix5.txt 2011-10-20 22:17
.
Pre-Run: 132,845,654,016 bytes free
Post-Run: 132,830,543,872 bytes free
.
- - End Of File - - FC37B9AC049EC43EC7EF25EDA9EF5580
 
Excellent!
It looks like we're out of the woods....

How is computer doing?

Post fresh OTL "Quick scan" log.
 
OTL Quick Scan Output

OTL logfile created on: 10/20/2011 11:35:32 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Russell Dobash\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.17% Memory free
3.84 Gb Paging File | 3.42 Gb Available in Paging File | 89.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.92 Gb Total Space | 123.73 Gb Free Space | 83.09% Space Free | Partition Type: NTFS
Drive F: | 1001.25 Mb Total Space | 1000.68 Mb Free Space | 99.94% Space Free | Partition Type: FAT32

Computer Name: UNIVERSI-2DDE3C | User Name: Russell Dobash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/20 18:34:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
PRC - [2011/01/17 16:15:32 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/10/07 20:34:28 | 000,257,096 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsShld.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/14 11:53:48 | 003,338,296 | ---- | M] (Freecom) -- C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
PRC - [2005/11/21 15:55:16 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
PRC - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/20 03:01:46 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df620e42\mscorlib.dll
MOD - [2011/10/20 03:01:42 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_8685ae70\system.drawing.dll
MOD - [2011/10/20 03:01:31 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a1e531e9\system.xml.dll
MOD - [2011/10/20 03:01:25 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f00b8d1f\system.windows.forms.dll
MOD - [2011/10/20 03:01:06 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_006ebf2b\system.dll
MOD - [2011/10/20 03:00:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/20 03:00:52 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2009/11/17 12:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009/01/29 12:27:06 | 000,310,800 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saset.dll
MOD - [2009/01/29 12:27:04 | 000,652,304 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sacore.dll
MOD - [2009/01/29 12:27:02 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/01/29 12:27:00 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/01/29 12:26:58 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2009/01/23 10:46:22 | 000,351,248 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
MOD - [2009/01/23 10:46:14 | 000,056,336 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
MOD - [2007/12/02 13:22:33 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2007/12/02 13:22:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/12/02 13:22:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/12/02 13:22:30 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/12/02 13:22:30 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2007/05/11 00:50:00 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2005/08/10 15:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
MOD - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
MOD - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
MOD - [2003/10/08 11:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
MOD - [2003/06/30 15:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
MOD - [2002/10/03 11:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
MOD - [2002/04/09 07:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (Micorsoft Windows Service)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/10/07 13:01:04 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/12/13 15:10:00 | 000,007,040 | ---- | M] (Freecom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gonzales.sys -- (Gonzales)
DRV - [2005/11/28 21:55:46 | 000,012,160 | ---- | M] (Freecom) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Bonifay.sys -- (Bonifay)
DRV - [2005/09/20 11:22:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 74 E1 15 8A 27 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/10/07 13:30:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/20 23:24:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110402175609.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKCU..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe (Freecom)
O4 - Startup: C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\lmllhkfv.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1243236794562 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C06FEDC-A9E2-4DCB-AAA4-435CE2FF8659}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/10 12:30:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/20 23:35:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
[2011/10/20 23:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
[2011/10/20 22:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/10/20 21:55:54 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Russell Dobash\Desktop\boot_cleaner.exe
[2011/10/20 21:35:40 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
[2011/10/20 13:49:02 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Russell Dobash\Desktop\FixTDSS.exe
[2011/10/20 03:04:14 | 004,265,077 | R--- | C] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\ComboFix.exe
[2011/10/19 08:07:38 | 004,265,077 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2011/10/19 04:00:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/19 03:12:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/19 03:12:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/19 03:12:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/19 03:12:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/19 03:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/19 03:11:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/16 19:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Desktop\Graham
[2011/10/15 16:50:26 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\junction.exe
[2011/10/14 21:44:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/13 21:35:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\My Documents\My Videos
[2011/10/13 21:35:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Administrative Tools
[2011/10/13 18:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/13 18:11:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/13 18:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/10 12:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/08 16:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\PCHealth
[2011/10/03 13:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EndNote

========== Files - Modified Within 30 Days ==========

[2011/10/20 23:31:57 | 000,114,035 | --S- | M] () -- C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\lmllhkfv.exe
[2011/10/20 23:24:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/20 23:02:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003UA.job
[2011/10/20 22:34:51 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/20 22:34:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/20 22:33:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/20 22:33:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/20 22:09:23 | 000,039,478 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\remover.JPG
[2011/10/20 21:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/20 18:34:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
[2011/10/20 16:32:52 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
[2011/10/20 08:45:38 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Russell Dobash\Desktop\FixTDSS.exe
[2011/10/20 03:22:04 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 03:06:55 | 000,006,962 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/10/20 03:03:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/19 21:52:58 | 000,450,862 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\GrantPerms.zip
[2011/10/19 04:00:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/19 03:04:46 | 004,265,077 | R--- | M] (Swearware) -- C:\Documents and Settings\Russell Dobash\Desktop\ComboFix.exe
[2011/10/19 03:04:46 | 004,265,077 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2011/10/17 17:07:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/10/17 11:02:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003Core.job
[2011/10/15 10:41:56 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/14 10:56:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 10:56:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 18:09:53 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
[2011/10/08 10:53:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
[2011/10/03 13:39:20 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
[2011/09/28 14:45:42 | 003,052,387 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
[2011/09/28 13:35:19 | 000,327,348 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
[2011/09/27 15:13:48 | 000,077,521 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
[2011/09/25 17:04:00 | 000,456,828 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\GrantPerms.exe

========== Files Created - No Company Name ==========

[2011/10/20 23:31:58 | 000,114,035 | --S- | C] () -- C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\lmllhkfv.exe
[2011/10/20 22:09:23 | 000,039,478 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\remover.JPG
[2011/10/20 02:56:22 | 000,456,828 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\GrantPerms.exe
[2011/10/20 02:56:10 | 000,450,862 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\GrantPerms.zip
[2011/10/19 04:00:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/19 04:00:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/19 03:12:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/19 03:12:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/19 03:12:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/19 03:12:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/19 03:12:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/17 17:07:47 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/10/13 18:09:51 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
[2011/10/08 10:53:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
[2011/10/03 13:36:43 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R2D2- LIBRARY- ALL REFS 29Aug2011 Copy Copy Copy.enl
[2011/09/29 13:27:14 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\R2D2- all.refs Note7, aug29.enl
[2011/09/29 10:48:03 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
[2011/09/28 14:45:42 | 003,052,387 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
[2011/09/28 13:41:43 | 000,006,962 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/28 13:35:19 | 000,327,348 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
[2011/09/27 15:13:48 | 000,077,521 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
[2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/11/17 12:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/05 14:54:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\fusioncache.dat
[2007/06/25 14:23:50 | 000,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/06/25 14:23:39 | 000,001,359 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/06/25 14:19:34 | 000,093,585 | ---- | C] () -- C:\WINDOWS\hppins03.dat
[2007/06/25 14:19:34 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
[2007/06/25 11:08:57 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2007/06/25 11:08:57 | 000,000,526 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
[2007/06/23 11:15:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/06/23 11:10:16 | 000,093,474 | ---- | C] () -- C:\WINDOWS\hppins03.dat.temp
[2007/06/23 11:10:16 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat.temp
[2007/03/16 15:33:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2006/12/02 11:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/09/20 13:38:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2006/09/20 13:38:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/08/28 14:04:31 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/08/24 12:15:21 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/10 13:11:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/10 13:10:48 | 000,307,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/10 12:42:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/10 12:32:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/10 12:27:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,383,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,053,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/12/21 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2010/03/09 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/03/09 14:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2011/10/03 13:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\EndNote
[2007/11/28 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Leadertech
[2010/09/20 13:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\MSNInstaller
[2009/12/21 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Tatara Systems

========== Purity Check ==========



< End of report >
 
Sorry Broni. I was just checking things out.

Google searches on IE: good no hijacking
McAfee: opens a blank window
Adobe reader: still gets invalid plugin and more worryingly opens a command prompt titled
"c:\windows\system32\ntvdm.exe"
 
Your computer was very seriously infected.
You may need to reinstall McAfee and Adobe Reader.
As for McAfee use removal tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
Install fresh copy.

But run this first...

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | Unknown | Running] -- -- (Micorsoft Windows Service)
    O4 - HKCU..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe ()
    O4 - Startup: C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\lmllhkfv.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe ()
    [2011/10/20 23:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
    [2011/10/20 23:31:57 | 000,114,035 | --S- | M] () -- C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\lmllhkfv.exe
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. Only one log will be created.
 
OTL Fix Output

All processes killed
========== OTL ==========
Error: Unable to stop service Micorsoft Windows Service!
Service\Driver key Micorsoft Windows Service not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LmlLhkfv deleted successfully.
File move failed. C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\lmllhkfv.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe deleted successfully.
File \Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe not found.
Folder move failed. C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\lmllhkfv.exe scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Russell Dobash
->Temp folder emptied: 167283 bytes
->Temporary Internet Files folder emptied: 1081909 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 886 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 345 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Russell Dobash
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 10212011_000245

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\lmllhkfv.exe scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
OTL Quick Scan Output

OTL logfile created on: 10/21/2011 12:08:15 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Russell Dobash\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.37% Memory free
3.84 Gb Paging File | 3.44 Gb Available in Paging File | 89.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.92 Gb Total Space | 123.71 Gb Free Space | 83.07% Space Free | Partition Type: NTFS
Drive F: | 1001.25 Mb Total Space | 997.86 Mb Free Space | 99.66% Space Free | Partition Type: FAT32

Computer Name: UNIVERSI-2DDE3C | User Name: Russell Dobash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/20 18:34:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/10/12 14:56:44 | 000,164,384 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\McVsMap.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/14 11:53:48 | 003,338,296 | ---- | M] (Freecom) -- C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
PRC - [2005/11/21 15:55:16 | 000,045,056 | ---- | M] (HP) -- C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
PRC - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
PRC - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/20 03:01:46 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df620e42\mscorlib.dll
MOD - [2011/10/20 03:01:42 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_8685ae70\system.drawing.dll
MOD - [2011/10/20 03:01:31 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a1e531e9\system.xml.dll
MOD - [2011/10/20 03:01:25 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f00b8d1f\system.windows.forms.dll
MOD - [2011/10/20 03:01:06 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_006ebf2b\system.dll
MOD - [2011/10/20 03:00:53 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/10/20 03:00:52 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2009/11/17 12:08:34 | 000,197,424 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2009/01/29 12:27:06 | 000,310,800 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\saset.dll
MOD - [2009/01/29 12:27:04 | 000,652,304 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sacore.dll
MOD - [2009/01/29 12:27:02 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/01/29 12:27:00 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/01/29 12:26:58 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2009/01/23 10:46:22 | 000,351,248 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll
MOD - [2009/01/23 10:46:18 | 000,013,840 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
MOD - [2009/01/23 10:46:14 | 000,056,336 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll
MOD - [2007/12/02 13:22:33 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2007/12/02 13:22:32 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007/12/02 13:22:31 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2007/12/02 13:22:30 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2007/12/02 13:22:30 | 000,131,072 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll
MOD - [2005/08/10 15:36:52 | 000,045,056 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\Security.dll
MOD - [2005/06/13 15:45:54 | 000,827,392 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
MOD - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
MOD - [2003/10/08 11:23:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\RM_DEV_CODE.dll
MOD - [2003/06/30 15:37:14 | 000,036,864 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\ProcNICs.dll
MOD - [2002/10/03 11:57:30 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\PingDLL.dll
MOD - [2002/04/09 07:49:22 | 000,110,592 | ---- | M] () -- C:\Program Files\Belkin\Belkin Wireless Network Utility\GEMWEP.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/01/23 10:46:14 | 000,203,280 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2004/03/29 16:08:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe -- (Belkin Wireless USB Network Adapter Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (Micorsoft Windows Service)
DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/10/07 13:01:04 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/12/13 15:10:00 | 000,007,040 | ---- | M] (Freecom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gonzales.sys -- (Gonzales)
DRV - [2005/11/28 21:55:46 | 000,012,160 | ---- | M] (Freecom) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Bonifay.sys -- (Bonifay)
DRV - [2005/09/20 11:22:37 | 000,009,344 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - [2005/08/02 23:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 74 E1 15 8A 27 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/10/07 13:30:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/10/20 23:24:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110402175609.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKCU..\Run: [LmlLhkfv] C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Startup\Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe (Freecom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1243236794562 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C06FEDC-A9E2-4DCB-AAA4-435CE2FF8659}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF6EECDD-5905-4FCB-9358-4CEEAACF8E93}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe) -C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi\lmllhkfv.exe File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/10 12:30:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/10/21 00:10:46 | 000,000,000 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/21 00:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/10/21 00:03:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/20 23:35:16 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
[2011/10/20 23:31:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\dgtvwkvi
[2011/10/20 21:55:54 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\Russell Dobash\Desktop\boot_cleaner.exe
[2011/10/20 21:35:40 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
[2011/10/20 13:49:02 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Russell Dobash\Desktop\FixTDSS.exe
[2011/10/19 04:00:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/19 03:12:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/19 03:12:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/19 03:12:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/19 03:12:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/19 03:12:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/19 03:11:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/16 19:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Desktop\Graham
[2011/10/15 16:50:26 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\junction.exe
[2011/10/14 21:44:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/13 21:35:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\My Documents\My Videos
[2011/10/13 21:35:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Russell Dobash\Start Menu\Programs\Administrative Tools
[2011/10/13 18:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/13 18:11:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/13 18:11:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/10 12:12:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/08 16:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\PCHealth
[2011/10/03 13:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EndNote

========== Files - Modified Within 30 Days ==========

[2011/10/21 00:07:16 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/10/21 00:07:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/21 00:06:59 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/21 00:06:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/21 00:02:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003UA.job
[2011/10/20 23:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/20 23:24:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/20 22:09:23 | 000,039,478 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\remover.JPG
[2011/10/20 18:34:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Russell Dobash\Desktop\OTL.exe
[2011/10/20 16:32:52 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Russell Dobash\Desktop\tdsskiller.exe
[2011/10/20 08:45:38 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Russell Dobash\Desktop\FixTDSS.exe
[2011/10/20 03:22:04 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/20 03:06:55 | 000,006,962 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/10/20 03:03:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/19 21:52:58 | 000,450,862 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\GrantPerms.zip
[2011/10/19 04:00:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/19 03:04:46 | 004,265,077 | R--- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\ComboFix.exe
[2011/10/19 03:04:46 | 004,265,077 | R--- | M] () -- C:\ComboFix.exe
[2011/10/17 17:07:47 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/10/17 11:02:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1482476501-839522115-1003Core.job
[2011/10/15 10:41:56 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/14 10:56:03 | 000,383,254 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/14 10:56:03 | 000,053,608 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 18:09:53 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
[2011/10/08 10:53:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
[2011/10/03 13:39:20 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
[2011/09/28 14:45:42 | 003,052,387 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
[2011/09/28 13:35:19 | 000,327,348 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
[2011/09/27 15:13:48 | 000,077,521 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
[2011/09/25 17:04:00 | 000,456,828 | ---- | M] () -- C:\Documents and Settings\Russell Dobash\Desktop\GrantPerms.exe

========== Files Created - No Company Name ==========

[2011/10/20 22:09:23 | 000,039,478 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\remover.JPG
[2011/10/20 03:04:14 | 004,265,077 | R--- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\ComboFix.exe
[2011/10/20 02:56:22 | 000,456,828 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\GrantPerms.exe
[2011/10/20 02:56:10 | 000,450,862 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\GrantPerms.zip
[2011/10/19 08:07:38 | 004,265,077 | R--- | C] () -- C:\ComboFix.exe
[2011/10/19 04:00:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/19 04:00:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/19 03:12:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/19 03:12:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/19 03:12:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/19 03:12:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/19 03:12:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/17 17:07:47 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/10/13 18:09:51 | 000,001,475 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Windows Explorer.lnk
[2011/10/08 10:53:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\{1B656103-8EBE-4A37-9FFD-96C2B7FC51F5}
[2011/10/03 13:36:43 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\R2D2- LIBRARY- ALL REFS 29Aug2011 Copy Copy Copy.enl
[2011/09/29 13:27:14 | 000,029,076 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\R2D2- all.refs Note7, aug29.enl
[2011/09/29 10:48:03 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Test.2 Endnote R2D2.enl
[2011/09/28 14:45:42 | 003,052,387 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\My Documents\Interval International.pdf
[2011/09/28 13:41:43 | 000,006,962 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/28 13:35:19 | 000,327,348 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\Become a Contestant America's Outstanding Mom-Grethen Pope.mht
[2011/09/27 15:13:48 | 000,077,521 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Desktop\2004Murder in Florida.pdf
[2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/11/17 12:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/09/05 14:54:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\fusioncache.dat
[2007/06/25 14:23:50 | 000,000,462 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2007/06/25 14:23:39 | 000,001,359 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2007/06/25 14:19:34 | 000,093,585 | ---- | C] () -- C:\WINDOWS\hppins03.dat
[2007/06/25 14:19:34 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat
[2007/06/25 11:08:57 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DLL
[2007/06/25 11:08:57 | 000,000,526 | R--- | C] () -- C:\WINDOWS\System32\hppapr02.DAT
[2007/06/23 11:15:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007/06/23 11:10:16 | 000,093,474 | ---- | C] () -- C:\WINDOWS\hppins03.dat.temp
[2007/06/23 11:10:16 | 000,001,822 | ---- | C] () -- C:\WINDOWS\hppmdl03.dat.temp
[2007/03/16 15:33:58 | 000,000,072 | ---- | C] () -- C:\WINDOWS\hdkctnts.ini
[2006/12/02 11:52:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2006/09/20 13:38:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\B11gUSB.dll
[2006/09/20 13:38:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2006/08/28 14:04:31 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2006/08/28 14:04:31 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2006/08/24 12:15:21 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Russell Dobash\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/10 13:11:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/10 13:10:48 | 000,307,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/10 12:42:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/10 12:32:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/10 12:27:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 13:00:00 | 000,383,254 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 13:00:00 | 000,053,608 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2009/12/21 17:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\O2CM-CE
[2010/03/09 14:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2010/03/09 14:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2011/10/03 13:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\EndNote
[2007/11/28 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Leadertech
[2010/09/20 13:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\MSNInstaller
[2009/12/21 18:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Russell Dobash\Application Data\Tatara Systems

========== Purity Check ==========



< End of report >
 
I can see our issue is back.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
I can now get to techspot on the infected computer but clicking the link in the post the address that comes up is go.redirectingat com then I get OOps IE could not connect to www.eset.com
 
OK. Do NOT connect any USB sticks anymore.
That stick may be an issue.

Post new aswMBR log.

Delete your Combofix file, download fresh one and post new log.
 
Back