TechSpot

Trojan horse Crypt.AQLW, Internet pops up, computer crashing

Solved
By Pr011
Feb 24, 2012
  1. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    I ran Combofix in safe mode with the script. No problems encounted. Log below:

    ComboFix 12-03-04.01 - Mark 05/03/2012 22:54:01.4.4 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2736 [GMT 0:00]
    Running from: c:\users\Mark\Desktop\ComboFix.exe
    Command switches used :: c:\users\Mark\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\windows\system32\dds_trash_log.cmd"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\dds_trash_log.cmd
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-05 23:01 . 2012-03-05 23:01 -------- d-----w- c:\users\Mark\AppData\Local\temp
    2012-03-05 23:01 . 2012-03-05 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-03 08:28 . 2012-03-03 08:28 -------- d-----w- C:\_OTL
    2012-02-26 13:17 . 2012-02-26 13:17 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2012-02-26 13:17 . 2012-02-26 13:17 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2012-02-26 13:17 . 2012-02-26 13:17 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2012-02-26 13:17 . 2012-02-26 13:17 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2012-02-26 03:14 . 2012-03-01 17:24 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
    2012-02-26 01:22 . 2012-03-04 22:39 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-22 00:17 . 2012-03-02 12:46 -------- d-----w- c:\users\UpdatusUser
    2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
    2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
    2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
    2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
    2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-04 22:41 . 2011-03-14 13:06 66560 ----a-w- c:\windows\system32\drivers\smb.sys
    2012-03-04 02:40 . 2011-03-14 13:06 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
    2012-02-28 16:25 . 2011-03-14 13:08 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
    2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
    2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
    2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-02-26 13:17 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
    "DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
    NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
    backup=c:\windows\pss\Update Agent.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
    2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    qmofiltr
    pserve
    vmparport
    k750mdfl
    delldmi
    hcf_msft
    knobserv
    tvtpktfilter
    datasvr2
    amdk77
    clsched
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
    .
    2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
    .
    2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.bbc.co.uk/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: mod.uk\www.westminster
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-05 23:01
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
    26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
    "??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
    .
    [HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
    "datasecu"=hex:f4,f1,7f,cf,66,dd,ac,72,8d,ac,be,3a,9d,4b,e4,d9,ab,7b,d6,f6,9d,
    0d,17,ea,ee,d3,da,33,d4,78,a6,c5,ea,e0,39,41,67,35,ac,cc,d6,8a,b3,9d,50,a5,\
    "rkeysecu"=hex:d1,e1,fa,c4,59,30,95,93,46,98,0f,5a,99,e8,81,17
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-03-05 23:03:48
    ComboFix-quarantined-files.txt 2012-03-05 23:03
    ComboFix2.txt 2012-03-05 04:33
    ComboFix3.txt 2012-02-26 03:26
    .
    Pre-Run: 39,307,862,016 bytes free
    Post-Run: 39,200,677,888 bytes free
    .
    - - End Of File - - 2C64B2E244524CD89BC5C88155509D8F
     
  2. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Very well :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  3. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    Completed with no issues (still in safe mode):

    OTL logfile created on: 05/03/2012 23:15:12 - Run 2
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Mark\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19190)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.25 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 82.20% Memory free
    6.68 Gb Paging File | 6.36 Gb Available in Paging File | 95.18% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 36.61 Gb Free Space | 24.56% Space Free | Partition Type: NTFS
    Drive F: | 596.17 Gb Total Space | 323.89 Gb Free Space | 54.33% Space Free | Partition Type: NTFS

    Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (WUSB54GSv2SVC)
    SRV - File not found [Auto | Stopped] -- -- (vmparport)
    SRV - File not found [Auto | Stopped] -- -- (tvtpktfilter)
    SRV - File not found [Auto | Stopped] -- -- (qmofiltr)
    SRV - File not found [Auto | Stopped] -- -- (pserve)
    SRV - File not found [Auto | Stopped] -- -- (k750mdfl)
    SRV - File not found [Auto | Stopped] -- -- (hcf_msft)
    SRV - File not found [Auto | Stopped] -- -- (datasvr2)
    SRV - File not found [Auto | Stopped] -- -- (clsched)
    SRV - File not found [Auto | Stopped] -- -- (amdk77)
    SRV - [2012/02/10 04:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/02/07 21:42:02 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/12 10:49:39 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- f:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2008/11/04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
    SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCASp50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mbr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (jbridgep)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    DRV - File not found [File_System | System | Stopped] -- -- (DfsC)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ar92bz9x)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AFGMp50)
    DRV - [2012/02/10 04:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/04/10 21:46:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2009/01/02 13:26:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/12/13 17:37:38 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/08/22 18:56:12 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2008/08/22 18:56:08 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2008/08/22 18:55:54 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2008/08/22 18:55:46 | 000,007,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/06/10 20:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
    DRV - [2008/05/26 15:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
    DRV - [2007/10/16 17:14:24 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
    DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2006/10/18 05:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/04/10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto | Stopped] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIH_enGB276
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 13:17:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/13 19:24:17 | 000,000,000 | ---D | M]

    [2010/06/18 13:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
    [2011/06/17 13:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions
    [2010/06/28 23:49:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/02/26 13:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/02/26 13:17:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/24 22:55:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/26 13:17:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/02/26 13:17:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/26 13:17:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/02/26 13:17:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/02/26 13:17:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/03/05 23:01:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [DLBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
    O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O15 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..Trusted Domains: mod.uk ([www.westminster] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E5E81D0-275A-46BF-84A0-ECC564B15F1F}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB12445B-E6D0-47E8-832C-8FAC67E87EAF}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA0E5921-34A6-45FB-A06D-F64850E85263}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3D88CD5-9C0B-4699-9FC5-727F8FD0DD72}: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
    O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: qmofiltr - File not found
    NetSvcs: pserve - File not found
    NetSvcs: vmparport - File not found
    NetSvcs: k750mdfl - File not found
    NetSvcs: delldmi - File not found
    NetSvcs: hcf_msft - File not found
    NetSvcs: knobserv - File not found
    NetSvcs: tvtpktfilter - File not found
    NetSvcs: datasvr2 - File not found
    NetSvcs: amdk77 - File not found
    NetSvcs: clsched - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/05 23:03:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/05 23:03:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
    [2012/03/05 22:53:05 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/03/05 01:00:55 | 004,426,766 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/03/04 23:37:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/04 23:37:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/04 23:37:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/03 08:28:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/03/02 07:20:44 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
    [2012/03/01 17:22:08 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
    [2012/03/01 07:39:44 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
    [2012/02/29 07:12:21 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Mark\Desktop\boot_cleaner.exe
    [2012/02/26 23:57:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\GooredFix Backups
    [2012/02/26 23:56:55 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
    [2012/02/26 22:19:55 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/02/26 01:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/26 01:13:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\RK_Quarantine
    [2012/02/25 02:46:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/25 02:45:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/25 02:08:28 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
    [2012/02/24 23:16:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
    [2012/02/24 22:59:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
    [2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/24 22:59:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/02/24 22:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/22 00:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2012/02/22 00:15:02 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
    [2012/02/17 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\AVG2012
    [2012/02/17 22:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/02/17 20:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/02/17 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/03/05 23:01:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/03/05 22:55:45 | 000,601,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/05 22:55:45 | 000,105,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/05 22:49:30 | 000,362,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/03/05 22:49:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/05 04:36:58 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/05 04:36:58 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/05 04:36:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/05 02:57:42 | 000,002,032 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
    [2012/03/05 02:13:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/05 01:00:55 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/03/05 00:27:42 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.exe
    [2012/03/05 00:27:29 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.scr
    [2012/03/05 00:27:13 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.com
    [2012/03/04 22:38:02 | 252,443,841 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/03/03 05:35:44 | 000,000,512 | ---- | M] () -- C:\Users\Mark\Desktop\MBR.dat
    [2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
    [2012/03/02 07:30:17 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
    [2012/03/01 17:21:59 | 002,045,015 | ---- | M] () -- C:\Users\Mark\Desktop\tdsskiller.zip
    [2012/03/01 07:39:45 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
    [2012/02/29 07:11:26 | 001,281,024 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
    [2012/02/28 07:12:02 | 000,000,832 | ---- | M] () -- C:\Users\Mark\Desktop\WinRAR.lnk
    [2012/02/26 23:56:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
    [2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
    [2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
    [2012/02/24 23:16:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
    [2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
    [2012/02/12 11:52:27 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
    [2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/02/12 00:08:17 | 000,153,088 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/11 19:40:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/02/10 04:13:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
    [2012/02/10 04:13:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
    [2012/02/09 20:05:44 | 000,416,064 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
    [2012/02/08 01:49:14 | 002,557,112 | ---- | M] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/05 00:27:38 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.exe
    [2012/03/05 00:27:24 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.scr
    [2012/03/05 00:27:09 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.com
    [2012/03/04 23:37:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/04 23:37:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/04 23:37:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/04 23:37:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/04 23:37:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/03 05:35:44 | 000,000,512 | ---- | C] () -- C:\Users\Mark\Desktop\MBR.dat
    [2012/03/01 17:21:57 | 002,045,015 | ---- | C] () -- C:\Users\Mark\Desktop\tdsskiller.zip
    [2012/02/29 07:11:25 | 001,281,024 | ---- | C] () -- C:\Users\Mark\Desktop\RogueKiller.exe
    [2012/02/28 07:12:02 | 000,000,832 | ---- | C] () -- C:\Users\Mark\Desktop\WinRAR.lnk
    [2012/02/26 04:11:39 | 000,139,264 | ---- | C] () -- C:\Users\Mark\Desktop\SystemLook.exe
    [2012/02/24 23:14:19 | 000,302,592 | ---- | C] () -- C:\Users\Mark\Desktop\jywt1xli.exe
    [2012/02/22 00:15:02 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
    [2012/02/12 11:06:51 | 252,443,841 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/02/09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2012/02/08 01:42:25 | 002,557,112 | ---- | C] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
    [2011/12/18 15:27:34 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE
    [2011/08/21 13:23:23 | 000,000,000 | ---- | C] () -- C:\Users\Mark\AppData\Local\{A847AE50-89B7-42EA-85C7-1A7112475FBB}
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011/03/14 13:08:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/03/14 13:06:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/11/09 15:10:19 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2010/09/17 12:04:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
    [2010/08/13 15:07:43 | 000,005,097 | ---- | C] () -- C:\Windows\fred2_open_3_6_12r_INF.INI
    [2010/08/13 15:07:37 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12d_INF.INI
    [2010/06/29 21:36:11 | 000,004,592 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3r_INF.INI
    [2010/06/29 21:36:06 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3d_INF.INI
    [2010/06/18 13:36:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

    ========== LOP Check ==========

    [2010/08/12 15:17:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Amazon
    [2008/04/10 15:37:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Atari
    [2012/02/17 22:47:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AVG2012
    [2010/10/31 13:39:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock
    [2011/05/15 01:15:25 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock2
    [2009/09/18 11:00:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Birdstep Technology
    [2009/02/23 02:21:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    [2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools
    [2011/12/18 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Lite
    [2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Pro
    [2008/03/01 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\eMule
    [2009/07/19 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\kompozer.net
    [2011/01/15 11:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Softland
    [2009/06/09 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Stardock
    [2011/03/15 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SystemRequirementsLab
    [2009/03/04 10:47:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\The Creative Assembly
    [2009/08/30 14:53:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Vodafone
    [2012/03/05 02:17:41 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/01/19 13:55:26 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/03/05 23:03:48 | 000,011,820 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/04/29 01:13:14 | 004,194,322 | ---- | M] () -- C:\memory_map.tga
    [2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/03/02 22:33:23 | 000,102,800 | ---- | M] () -- C:\OTL.Txt
    [2012/03/05 22:48:52 | 3801,743,360 | -HS- | M] () -- C:\pagefile.sys
    [2008/04/04 16:30:53 | 000,000,436 | ---- | M] () -- C:\profile.txt
    [2012/03/05 00:43:38 | 000,000,370 | ---- | M] () -- C:\rkill.log
    [2010/06/16 20:05:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/06/16 22:44:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/06/17 13:48:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/06/17 13:56:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/06/17 13:56:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/06/17 21:49:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/06/17 22:20:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/06/18 13:31:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/06/29 22:29:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2011/10/15 00:55:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/06/12 21:02:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/06/12 21:47:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/06/13 08:04:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/06/15 20:12:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/06/15 23:53:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/06/16 17:27:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/06/16 18:56:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/06/16 19:54:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010/06/16 19:58:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010/06/16 20:03:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010/06/16 20:05:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/06/16 22:44:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/06/17 13:48:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/06/17 13:56:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/06/17 13:56:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/06/17 21:49:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/06/17 22:20:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/06/18 13:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/06/29 22:29:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2011/10/15 00:55:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/06/12 21:02:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/06/12 21:47:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/06/13 08:04:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/06/15 20:12:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/06/15 23:53:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/06/16 17:27:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/06/16 18:56:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/06/16 19:54:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010/06/16 19:58:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010/06/16 20:03:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2012/03/01 17:10:41 | 000,003,472 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_01.03.2012_17.10.33_log.txt
    [2012/03/01 17:21:53 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_01.03.2012_17.21.47_log.txt
    [2012/02/26 01:25:04 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_01.22.01_log.txt
    [2012/02/26 02:02:01 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_02.01.21_log.txt
    [2012/02/26 13:14:07 | 000,072,818 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_13.13.10_log.txt
    [2012/02/27 02:45:24 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_27.02.2012_02.43.58_log.txt
    [2012/02/27 04:16:29 | 000,074,048 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_27.02.2012_04.15.46_log.txt
    [2012/02/28 07:12:48 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_07.12.42_log.txt
    [2012/02/28 07:13:56 | 000,073,920 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_07.12.58_log.txt
    [2012/02/28 16:30:35 | 000,074,048 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_16.29.33_log.txt
    [2012/03/01 17:23:16 | 000,073,920 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_01.03.2012_17.22.22_log.txt
    [2012/03/03 05:17:46 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_03.03.2012_05.17.42_log.txt
    [2012/03/03 05:26:06 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_03.03.2012_05.26.01_log.txt
    [2012/03/03 05:27:06 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_03.03.2012_05.26.20_log.txt
    [2012/03/04 02:39:35 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_04.03.2012_02.39.02_log.txt
    [2012/03/04 22:40:07 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_04.03.2012_22.38.56_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/03/14 13:24:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/01/30 08:44:30 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\dlbtPP5C.DLL
    [2007/06/27 12:04:44 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5k2.dll
    [2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/05/05 00:50:19 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
    [2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/08/30 14:46:57 | 000,000,574 | -HS- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Mark\Desktop\boot_cleaner.exe
    [2012/03/05 01:00:55 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/03/01 07:39:45 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
    [2012/02/26 23:56:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
    [2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
    [2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/03/02 07:30:17 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
    [2012/03/05 00:27:42 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.exe
    [2012/02/29 07:11:26 | 001,281,024 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
    [2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
    [2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2009/05/31 15:52:57 | 007,831,552 | ---- | M] () -- C:\Program Files\Common Files\01.mpeg
    [2009/05/31 15:52:23 | 007,759,872 | ---- | M] () -- C:\Program Files\Common Files\02.mpeg
    [2009/05/31 15:55:11 | 007,792,640 | ---- | M] () -- C:\Program Files\Common Files\03.mpeg
    [2009/06/03 11:18:42 | 002,546,976 | ---- | M] () -- C:\Program Files\Common Files\032.wmv
    [2009/06/09 15:25:03 | 000,000,349 | ---- | M] () -- C:\Program Files\Common Files\04.htm
    [2009/05/31 15:55:22 | 007,794,688 | ---- | M] () -- C:\Program Files\Common Files\04.mpeg
    [2009/06/17 08:58:29 | 002,260,966 | ---- | M] () -- C:\Program Files\Common Files\31.mpeg

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/02/11 19:40:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/03/05 04:36:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/05 02:13:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/05 04:36:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/05 02:17:41 | 000,032,602 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
     
  4. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/02/22 00:19:21 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/02/22 00:18:49 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2012/02/22 00:18:49 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/08/30 14:46:57 | 000,000,402 | -HS- | M] () -- C:\Users\Mark\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/08/20 15:45:46 | 000,020,270 | ---- | M] () -- C:\ProgramData\DeviceInstaller.xml
    [2009/04/07 12:42:58 | 000,141,006 | ---- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2010/03/22 15:36:22 | 000,003,499 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2009/05/05 00:47:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

    < End of report >
     
  5. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    OTL doesn't seem to have created an extras.txt log...
     
  6. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    System appears stable with no pop ups so far :)
     
  7. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Good :)

    That's fine but I want you to re-run OTL from normal mode and stay in normal mode.
     
  8. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    System rebooted into normal mode without problems, OTL ran without problems, still no extra.txt log, log below:

    OTL logfile created on: 05/03/2012 23:34:03 - Run 3
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Mark\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19190)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.25 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 72.32% Memory free
    6.68 Gb Paging File | 5.84 Gb Available in Paging File | 87.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 33.48 Gb Free Space | 22.46% Space Free | Partition Type: NTFS
    Drive F: | 596.17 Gb Total Space | 323.89 Gb Free Space | 54.33% Space Free | Partition Type: NTFS

    Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    PRC - [2012/02/10 04:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/02/10 03:02:27 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/02/10 03:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    PRC - [2012/02/09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/10/13 09:31:58 | 002,042,088 | ---- | M] (GameStop Corp.) -- C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/10 23:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2008/11/04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    PRC - [2008/05/26 15:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    PRC - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    PRC - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe
    PRC - [2005/08/31 10:46:50 | 001,691,648 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe


    ========== Modules (No Company Name) ==========

    MOD - [2008/05/26 15:14:58 | 000,011,776 | ---- | M] () -- C:\Program Files\Virgin Broadband Wireless\AffinegyServicePS.dll
    MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2005/08/31 10:46:50 | 001,691,648 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (WUSB54GSv2SVC)
    SRV - File not found [Auto | Stopped] -- -- (vmparport)
    SRV - File not found [Auto | Stopped] -- -- (tvtpktfilter)
    SRV - File not found [Auto | Stopped] -- -- (qmofiltr)
    SRV - File not found [Auto | Stopped] -- -- (pserve)
    SRV - File not found [Auto | Stopped] -- -- (k750mdfl)
    SRV - File not found [Auto | Stopped] -- -- (hcf_msft)
    SRV - File not found [Auto | Stopped] -- -- (datasvr2)
    SRV - File not found [Auto | Stopped] -- -- (clsched)
    SRV - File not found [Auto | Stopped] -- -- (amdk77)
    SRV - [2012/02/10 04:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/02/07 21:42:02 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/03/12 10:49:39 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- f:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
    SRV - [2008/11/04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
    SRV - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
    SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCASp50)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (jbridgep)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    DRV - File not found [File_System | System | Stopped] -- -- (DfsC)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (avtjmzhy)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AFGMp50)
    DRV - [2012/02/10 04:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/04/10 21:46:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
    DRV - [2009/01/02 13:26:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/12/13 17:37:38 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/08/22 18:56:12 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2008/08/22 18:56:08 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2008/08/22 18:55:54 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2008/08/22 18:55:46 | 000,007,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/06/10 20:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
    DRV - [2008/05/26 15:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
    DRV - [2007/10/16 17:14:24 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
    DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2006/10/18 05:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2004/04/10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIH_enGB276
    IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 13:17:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/13 19:24:17 | 000,000,000 | ---D | M]

    [2010/06/18 13:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
    [2011/06/17 13:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions
    [2010/06/28 23:49:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/02/26 13:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/02/26 13:17:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/24 22:55:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/26 13:17:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/02/26 13:17:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/26 13:17:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/02/26 13:17:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/02/26 13:17:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/03/05 23:01:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [DLBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
    O4 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O15 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..Trusted Domains: mod.uk ([www.westminster] https in Trusted sites)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E5E81D0-275A-46BF-84A0-ECC564B15F1F}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB12445B-E6D0-47E8-832C-8FAC67E87EAF}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA0E5921-34A6-45FB-A06D-F64850E85263}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3D88CD5-9C0B-4699-9FC5-727F8FD0DD72}: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
    O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: qmofiltr - File not found
    NetSvcs: pserve - File not found
    NetSvcs: vmparport - File not found
    NetSvcs: k750mdfl - File not found
    NetSvcs: delldmi - File not found
    NetSvcs: hcf_msft - File not found
    NetSvcs: knobserv - File not found
    NetSvcs: tvtpktfilter - File not found
    NetSvcs: datasvr2 - File not found
    NetSvcs: amdk77 - File not found
    NetSvcs: clsched - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/05 23:30:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/05 23:03:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/03/05 23:03:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
    [2012/03/05 22:53:05 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/03/05 01:00:55 | 004,426,766 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/03/04 23:37:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/04 23:37:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/04 23:37:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/03 08:28:37 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/03/02 07:20:44 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
    [2012/03/01 17:22:08 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
    [2012/03/01 07:39:44 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
    [2012/02/29 07:12:21 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Mark\Desktop\boot_cleaner.exe
    [2012/02/26 23:57:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\GooredFix Backups
    [2012/02/26 23:56:55 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
    [2012/02/26 22:19:55 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/02/26 01:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/26 01:13:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\RK_Quarantine
    [2012/02/25 02:46:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/25 02:45:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/25 02:08:28 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
    [2012/02/24 23:16:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
    [2012/02/24 22:59:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
    [2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/24 22:59:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/02/24 22:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/22 00:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2012/02/22 00:15:02 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
    [2012/02/17 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\AVG2012
    [2012/02/17 22:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/02/17 20:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/02/17 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/03/05 23:36:35 | 000,602,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/03/05 23:36:35 | 000,106,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/03/05 23:31:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/05 23:31:05 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/05 23:31:04 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/05 23:30:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/05 23:30:57 | 3488,145,408 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/03/05 23:01:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/03/05 22:49:30 | 000,362,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/03/05 02:57:42 | 000,002,032 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
    [2012/03/05 02:13:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/05 01:00:55 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/03/05 00:27:42 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.exe
    [2012/03/05 00:27:29 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.scr
    [2012/03/05 00:27:13 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.com
    [2012/03/04 22:38:02 | 252,443,841 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/03/03 05:35:44 | 000,000,512 | ---- | M] () -- C:\Users\Mark\Desktop\MBR.dat
    [2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
    [2012/03/02 07:30:17 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
    [2012/03/01 17:21:59 | 002,045,015 | ---- | M] () -- C:\Users\Mark\Desktop\tdsskiller.zip
    [2012/03/01 07:39:45 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
    [2012/02/29 07:11:26 | 001,281,024 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
    [2012/02/28 07:12:02 | 000,000,832 | ---- | M] () -- C:\Users\Mark\Desktop\WinRAR.lnk
    [2012/02/26 23:56:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
    [2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
    [2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
    [2012/02/24 23:16:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
    [2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
    [2012/02/12 11:52:27 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
    [2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/02/12 00:08:17 | 000,153,088 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/11 19:40:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/02/10 04:13:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
    [2012/02/10 04:13:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
    [2012/02/09 20:05:44 | 000,416,064 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
    [2012/02/08 01:49:14 | 002,557,112 | ---- | M] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/03/05 23:30:57 | 3488,145,408 | -HS- | C] () -- C:\hiberfil.sys
    [2012/03/05 00:27:38 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.exe
    [2012/03/05 00:27:24 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.scr
    [2012/03/05 00:27:09 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.com
    [2012/03/04 23:37:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/04 23:37:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/04 23:37:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/04 23:37:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/04 23:37:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/03 05:35:44 | 000,000,512 | ---- | C] () -- C:\Users\Mark\Desktop\MBR.dat
    [2012/03/01 17:21:57 | 002,045,015 | ---- | C] () -- C:\Users\Mark\Desktop\tdsskiller.zip
    [2012/02/29 07:11:25 | 001,281,024 | ---- | C] () -- C:\Users\Mark\Desktop\RogueKiller.exe
    [2012/02/28 07:12:02 | 000,000,832 | ---- | C] () -- C:\Users\Mark\Desktop\WinRAR.lnk
    [2012/02/26 04:11:39 | 000,139,264 | ---- | C] () -- C:\Users\Mark\Desktop\SystemLook.exe
    [2012/02/24 23:14:19 | 000,302,592 | ---- | C] () -- C:\Users\Mark\Desktop\jywt1xli.exe
    [2012/02/22 00:15:02 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
    [2012/02/12 11:06:51 | 252,443,841 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/02/09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2012/02/08 01:42:25 | 002,557,112 | ---- | C] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
    [2011/12/18 15:27:34 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE
    [2011/08/21 13:23:23 | 000,000,000 | ---- | C] () -- C:\Users\Mark\AppData\Local\{A847AE50-89B7-42EA-85C7-1A7112475FBB}
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2011/03/14 13:08:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/03/14 13:06:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/11/09 15:10:19 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2010/09/17 12:04:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
    [2010/08/13 15:07:43 | 000,005,097 | ---- | C] () -- C:\Windows\fred2_open_3_6_12r_INF.INI
    [2010/08/13 15:07:37 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12d_INF.INI
    [2010/06/29 21:36:11 | 000,004,592 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3r_INF.INI
    [2010/06/29 21:36:06 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3d_INF.INI
    [2010/06/18 13:36:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

    ========== LOP Check ==========

    [2010/08/12 15:17:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Amazon
    [2008/04/10 15:37:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Atari
    [2012/02/17 22:47:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AVG2012
    [2010/10/31 13:39:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock
    [2011/05/15 01:15:25 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock2
    [2009/09/18 11:00:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Birdstep Technology
    [2009/02/23 02:21:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    [2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools
    [2011/12/18 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Lite
    [2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Pro
    [2008/03/01 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\eMule
    [2009/07/19 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\kompozer.net
    [2011/01/15 11:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Softland
    [2009/06/09 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Stardock
    [2011/03/15 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SystemRequirementsLab
    [2009/03/04 10:47:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\The Creative Assembly
    [2009/08/30 14:53:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Vodafone
    [2012/03/05 02:17:41 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/01/19 13:55:26 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/03/05 23:03:48 | 000,011,820 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/03/05 23:30:57 | 3488,145,408 | -HS- | M] () -- C:\hiberfil.sys
    [2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/04/29 01:13:14 | 004,194,322 | ---- | M] () -- C:\memory_map.tga
    [2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/03/02 22:33:23 | 000,102,800 | ---- | M] () -- C:\OTL.Txt
    [2012/03/05 23:30:56 | 3801,743,360 | -HS- | M] () -- C:\pagefile.sys
    [2008/04/04 16:30:53 | 000,000,436 | ---- | M] () -- C:\profile.txt
    [2012/03/05 00:43:38 | 000,000,370 | ---- | M] () -- C:\rkill.log
    [2010/06/16 20:05:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2010/06/16 22:44:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
    [2010/06/17 13:48:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
    [2010/06/17 13:56:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
    [2010/06/17 13:56:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
    [2010/06/17 21:49:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
    [2010/06/17 22:20:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
    [2010/06/18 13:31:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
    [2010/06/29 22:29:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
    [2011/10/15 00:55:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
    [2010/06/12 21:02:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
    [2010/06/12 21:47:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
    [2010/06/13 08:04:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
    [2010/06/15 20:12:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
    [2010/06/15 23:53:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
    [2010/06/16 17:27:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
    [2010/06/16 18:56:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
    [2010/06/16 19:54:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
    [2010/06/16 19:58:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
    [2010/06/16 20:03:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
    [2010/06/16 20:05:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2010/06/16 22:44:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
    [2010/06/17 13:48:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
    [2010/06/17 13:56:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
    [2010/06/17 13:56:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
    [2010/06/17 21:49:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
    [2010/06/17 22:20:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
    [2010/06/18 13:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
    [2010/06/29 22:29:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
    [2011/10/15 00:55:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
    [2010/06/12 21:02:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
    [2010/06/12 21:47:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
    [2010/06/13 08:04:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
    [2010/06/15 20:12:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
    [2010/06/15 23:53:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
    [2010/06/16 17:27:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
    [2010/06/16 18:56:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
    [2010/06/16 19:54:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
    [2010/06/16 19:58:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
    [2010/06/16 20:03:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
    [2012/03/01 17:10:41 | 000,003,472 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_01.03.2012_17.10.33_log.txt
    [2012/03/01 17:21:53 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_01.03.2012_17.21.47_log.txt
    [2012/02/26 01:25:04 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_01.22.01_log.txt
    [2012/02/26 02:02:01 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_02.01.21_log.txt
    [2012/02/26 13:14:07 | 000,072,818 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_13.13.10_log.txt
    [2012/02/27 02:45:24 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_27.02.2012_02.43.58_log.txt
    [2012/02/27 04:16:29 | 000,074,048 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_27.02.2012_04.15.46_log.txt
    [2012/02/28 07:12:48 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_07.12.42_log.txt
    [2012/02/28 07:13:56 | 000,073,920 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_07.12.58_log.txt
    [2012/02/28 16:30:35 | 000,074,048 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_16.29.33_log.txt
    [2012/03/01 17:23:16 | 000,073,920 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_01.03.2012_17.22.22_log.txt
    [2012/03/03 05:17:46 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_03.03.2012_05.17.42_log.txt
    [2012/03/03 05:26:06 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_03.03.2012_05.26.01_log.txt
    [2012/03/03 05:27:06 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_03.03.2012_05.26.20_log.txt
    [2012/03/04 02:39:35 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_04.03.2012_02.39.02_log.txt
    [2012/03/04 22:40:07 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_04.03.2012_22.38.56_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/03/14 13:24:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/01/30 08:44:30 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\dlbtPP5C.DLL
    [2007/06/27 12:04:44 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5k2.dll
    [2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/05/05 00:50:19 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
    [2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
    [2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/08/30 14:46:57 | 000,000,574 | -HS- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Mark\Desktop\boot_cleaner.exe
    [2012/03/05 01:00:55 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
    [2012/03/01 07:39:45 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
    [2012/02/26 23:56:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
    [2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
    [2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
    [2012/03/02 07:30:17 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
    [2012/03/05 00:27:42 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.exe
    [2012/02/29 07:11:26 | 001,281,024 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
    [2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
    [2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >
    [2009/05/31 15:52:57 | 007,831,552 | ---- | M] () -- C:\Program Files\Common Files\01.mpeg
    [2009/05/31 15:52:23 | 007,759,872 | ---- | M] () -- C:\Program Files\Common Files\02.mpeg
    [2009/05/31 15:55:11 | 007,792,640 | ---- | M] () -- C:\Program Files\Common Files\03.mpeg
    [2009/06/03 11:18:42 | 002,546,976 | ---- | M] () -- C:\Program Files\Common Files\032.wmv
    [2009/06/09 15:25:03 | 000,000,349 | ---- | M] () -- C:\Program Files\Common Files\04.htm
    [2009/05/31 15:55:22 | 007,794,688 | ---- | M] () -- C:\Program Files\Common Files\04.mpeg
    [2009/06/17 08:58:29 | 002,260,966 | ---- | M] () -- C:\Program Files\Common Files\31.mpeg

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/02/11 19:40:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/03/05 23:31:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/05 02:13:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/05 23:31:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/05 02:17:41 | 000,032,602 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >
     
  9. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/02/22 00:19:21 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/02/22 00:18:49 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2012/02/22 00:18:49 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/08/30 14:46:57 | 000,000,402 | -HS- | M] () -- C:\Users\Mark\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2008/08/20 15:45:46 | 000,020,270 | ---- | M] () -- C:\ProgramData\DeviceInstaller.xml
    [2009/04/07 12:42:58 | 000,141,006 | ---- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2010/03/22 15:36:22 | 000,003,499 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2009/05/05 00:47:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
    [C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

    < End of report >
     
  10. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    You can reinstall AVG at any time.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Unknown] -- -- (avtjmzhy)
      O15 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..Trusted Domains: mod.uk ([www.westminster] https in Trusted sites)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  11. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    All processes killed
    ========== OTL ==========
    Error: No service named avtjmzhy was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avtjmzhy deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mod.uk\www.westminster\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Temp folder emptied: 85866 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 27494930 bytes
    ->Flash cache emptied: 1977334 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 56504 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 230210 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 6483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 815844 bytes

    Total Files Cleaned = 29.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Mark
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.35.1 log created on 03062012_000253

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
     
  12. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    CCleaner (remove only)
    Java(TM) 6 Update 31
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player ( 10.3.181.22) Flash Player Out of Date!
    Mozilla Firefox (x86 en-GB..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  13. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    Farbar Service Scanner Version: 01-03-2012
    Ran by Mark (administrator) on 06-03-2012 at 00:07:57
    Running from "C:\Users\Mark\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Attempt to access Yahoo IP returend error: Yahoo IP is offline


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to retrieve start type of MpsSvc. The value does not exist.
    Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
    Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
    Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  14. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Temp folder emptied: 81478 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 19180452 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9769 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 18.00 mb
     
  15. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    Just running the online scan.
     
  16. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    C:\Documents and Settings\Mark\Downloads\SoftonicDownloader_for_emergency-boot-cd-rom.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Documents and Settings\Mark\Downloads\SoftonicDownloader_for_warzone-2100.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Windows\system32\amdagp.dll.vir probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\01.03.2012_17.22.22\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\03.03.2012_05.26.20\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\04.03.2012_02.39.02\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\04.03.2012_22.38.56\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\26.02.2012_01.22.01\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\26.02.2012_02.01.21\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\27.02.2012_02.43.58\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\27.02.2012_04.15.46\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\28.02.2012_07.12.59\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\28.02.2012_16.29.35\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\03032012_032837\C_Windows\System32\agpcpq.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\03032012_032837\C_Windows\System32\YahooAUService.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\03032012_032837\C_Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
     
  17. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    All of the scans have been completed as requested; logs above. I'm going to put AVG back on in the meantime.
     
  18. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Very well.

    Uninstall Java(TM) 6 Update 7 .

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ====================================================================

    Then we have some issues with missing registry keys.

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Click Advanced.
    Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PC\Farbar)
    Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
    Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.

    Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip downloaded file.
    You'll find several files inside.
    Double-click legacy_mpssvc.reg and confirm the prompt.
    Double-click legacy_bfe and confirm the prompt.
    Double-click mpssvc.reg and confirm the prompt.
    Double-click bfe.reg and confirm the prompt.

    Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
    Restart computer.
    Post new FSS log.
     
  19. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    Above actions have been completed, log below:

    Farbar Service Scanner Version: 01-03-2012
    Ran by Mark (administrator) on 06-03-2012 at 04:04:50
    Running from "C:\Users\Mark\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  20. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Excellent!

    If you reinstalled AVG already, make sure Windows firewall is on.

    =================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  21. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Temp folder emptied: 269109 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 43910531 bytes
    ->Flash cache emptied: 456 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 85059 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 9072 bytes

    Total Files Cleaned = 42.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mark
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Mark
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.35.1 log created on 03062012_042808

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  22. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    Above completed.

    Broni, thank you very much for your help.
     
  23. Pr011

    Pr011 TS Rookie Topic Starter Posts: 66

    Windows firewall is on and the system appears stable and faster.
     
  24. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Way to go!! [​IMG]
    Good luck and stay safe :)
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.