Solved Trojan horse Crypt.AQLW, Internet pops up, computer crashing

[Pr011]

I ran Combofix in safe mode with the script. No problems encounted. Log below:

ComboFix 12-03-04.01 - Mark 05/03/2012 22:54:01.4.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2736 [GMT 0:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
Command switches used :: c:\users\Mark\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\dds_trash_log.cmd"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 23:01 . 2012-03-05 23:01 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-03-05 23:01 . 2012-03-05 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 08:28 . 2012-03-03 08:28 -------- d-----w- C:\_OTL
2012-02-26 13:17 . 2012-02-26 13:17 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-26 13:17 . 2012-02-26 13:17 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-26 13:17 . 2012-02-26 13:17 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-26 13:17 . 2012-02-26 13:17 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-26 03:14 . 2012-03-01 17:24 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-26 01:22 . 2012-03-04 22:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 00:17 . 2012-03-02 12:46 -------- d-----w- c:\users\UpdatusUser
2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 22:41 . 2011-03-14 13:06 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2012-03-04 02:40 . 2011-03-14 13:06 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-28 16:25 . 2011-03-14 13:08 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-02-26 13:17 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
backup=c:\windows\pss\Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qmofiltr
pserve
vmparport
k750mdfl
delldmi
hcf_msft
knobserv
tvtpktfilter
datasvr2
amdk77
clsched
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mod.uk\www.westminster
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-05 23:01
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
"datasecu"=hex:f4,f1,7f,cf,66,dd,ac,72,8d,ac,be,3a,9d,4b,e4,d9,ab,7b,d6,f6,9d,
0d,17,ea,ee,d3,da,33,d4,78,a6,c5,ea,e0,39,41,67,35,ac,cc,d6,8a,b3,9d,50,a5,\
"rkeysecu"=hex:d1,e1,fa,c4,59,30,95,93,46,98,0f,5a,99,e8,81,17
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-05 23:03:48
ComboFix-quarantined-files.txt 2012-03-05 23:03
ComboFix2.txt 2012-03-05 04:33
ComboFix3.txt 2012-02-26 03:26
.
Pre-Run: 39,307,862,016 bytes free
Post-Run: 39,200,677,888 bytes free
.
- - End Of File - - 2C64B2E244524CD89BC5C88155509D8F

 

[Broni]

Very well

Any current issues?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Pr011]

Completed with no issues (still in safe mode):

OTL logfile created on: 05/03/2012 23:15:12 - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 82.20% Memory free
6.68 Gb Paging File | 6.36 Gb Available in Paging File | 95.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 36.61 Gb Free Space | 24.56% Space Free | Partition Type: NTFS
Drive F: | 596.17 Gb Total Space | 323.89 Gb Free Space | 54.33% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WUSB54GSv2SVC)
SRV - File not found [Auto | Stopped] -- -- (vmparport)
SRV - File not found [Auto | Stopped] -- -- (tvtpktfilter)
SRV - File not found [Auto | Stopped] -- -- (qmofiltr)
SRV - File not found [Auto | Stopped] -- -- (pserve)
SRV - File not found [Auto | Stopped] -- -- (k750mdfl)
SRV - File not found [Auto | Stopped] -- -- (hcf_msft)
SRV - File not found [Auto | Stopped] -- -- (datasvr2)
SRV - File not found [Auto | Stopped] -- -- (clsched)
SRV - File not found [Auto | Stopped] -- -- (amdk77)
SRV - [2012/02/10 04:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/07 21:42:02 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/12 10:49:39 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- f:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/11/04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Stopped] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (jbridgep)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [File_System | System | Stopped] -- -- (DfsC)
DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ar92bz9x)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AFGMp50)
DRV - [2012/02/10 04:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/04/10 21:46:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/01/02 13:26:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/12/13 17:37:38 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/22 18:56:12 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/08/22 18:56:08 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/08/22 18:55:54 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/08/22 18:55:46 | 000,007,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/10 20:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/05/26 15:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2007/10/16 17:14:24 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/10/18 05:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto | Stopped] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIH_enGB276
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 13:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/13 19:24:17 | 000,000,000 | ---D | M]

[2010/06/18 13:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2011/06/17 13:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions
[2010/06/28 23:49:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/26 13:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/26 13:17:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/24 22:55:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/26 13:17:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/26 13:17:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/26 13:17:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/26 13:17:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/26 13:17:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/03/05 23:01:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [DLBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O15 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..Trusted Domains: mod.uk ([www.westminster] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E5E81D0-275A-46BF-84A0-ECC564B15F1F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB12445B-E6D0-47E8-832C-8FAC67E87EAF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA0E5921-34A6-45FB-A06D-F64850E85263}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3D88CD5-9C0B-4699-9FC5-727F8FD0DD72}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: qmofiltr - File not found
NetSvcs: pserve - File not found
NetSvcs: vmparport - File not found
NetSvcs: k750mdfl - File not found
NetSvcs: delldmi - File not found
NetSvcs: hcf_msft - File not found
NetSvcs: knobserv - File not found
NetSvcs: tvtpktfilter - File not found
NetSvcs: datasvr2 - File not found
NetSvcs: amdk77 - File not found
NetSvcs: clsched - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 23:03:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/05 23:03:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
[2012/03/05 22:53:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/05 01:00:55 | 004,426,766 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/03/04 23:37:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/04 23:37:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/04 23:37:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/03 08:28:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/02 07:20:44 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
[2012/03/01 17:22:08 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2012/03/01 07:39:44 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
[2012/02/29 07:12:21 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Mark\Desktop\boot_cleaner.exe
[2012/02/26 23:57:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\GooredFix Backups
[2012/02/26 23:56:55 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
[2012/02/26 22:19:55 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/02/26 01:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/26 01:13:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\RK_Quarantine
[2012/02/25 02:46:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/25 02:45:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/25 02:08:28 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
[2012/02/24 23:16:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2012/02/24 22:59:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/24 22:59:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/24 22:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/22 00:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/02/22 00:15:02 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/17 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\AVG2012
[2012/02/17 22:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/17 20:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/17 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/03/05 23:01:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/05 22:55:45 | 000,601,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/05 22:55:45 | 000,105,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/05 22:49:30 | 000,362,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/05 22:49:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/05 04:36:58 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 04:36:58 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 04:36:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/05 02:57:42 | 000,002,032 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2012/03/05 02:13:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/05 01:00:55 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/03/05 00:27:42 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.exe
[2012/03/05 00:27:29 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.scr
[2012/03/05 00:27:13 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.com
[2012/03/04 22:38:02 | 252,443,841 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/03 05:35:44 | 000,000,512 | ---- | M] () -- C:\Users\Mark\Desktop\MBR.dat
[2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2012/03/02 07:30:17 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
[2012/03/01 17:21:59 | 002,045,015 | ---- | M] () -- C:\Users\Mark\Desktop\tdsskiller.zip
[2012/03/01 07:39:45 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
[2012/02/29 07:11:26 | 001,281,024 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
[2012/02/28 07:12:02 | 000,000,832 | ---- | M] () -- C:\Users\Mark\Desktop\WinRAR.lnk
[2012/02/26 23:56:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
[2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
[2012/02/24 23:16:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
[2012/02/12 11:52:27 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/02/12 00:08:17 | 000,153,088 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/11 19:40:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/10 04:13:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/10 04:13:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/02/09 20:05:44 | 000,416,064 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/08 01:49:14 | 002,557,112 | ---- | M] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/05 00:27:38 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.exe
[2012/03/05 00:27:24 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.scr
[2012/03/05 00:27:09 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.com
[2012/03/04 23:37:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/04 23:37:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/04 23:37:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/04 23:37:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/04 23:37:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/03 05:35:44 | 000,000,512 | ---- | C] () -- C:\Users\Mark\Desktop\MBR.dat
[2012/03/01 17:21:57 | 002,045,015 | ---- | C] () -- C:\Users\Mark\Desktop\tdsskiller.zip
[2012/02/29 07:11:25 | 001,281,024 | ---- | C] () -- C:\Users\Mark\Desktop\RogueKiller.exe
[2012/02/28 07:12:02 | 000,000,832 | ---- | C] () -- C:\Users\Mark\Desktop\WinRAR.lnk
[2012/02/26 04:11:39 | 000,139,264 | ---- | C] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/02/24 23:14:19 | 000,302,592 | ---- | C] () -- C:\Users\Mark\Desktop\jywt1xli.exe
[2012/02/22 00:15:02 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/02/12 11:06:51 | 252,443,841 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/08 01:42:25 | 002,557,112 | ---- | C] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
[2011/12/18 15:27:34 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE
[2011/08/21 13:23:23 | 000,000,000 | ---- | C] () -- C:\Users\Mark\AppData\Local\{A847AE50-89B7-42EA-85C7-1A7112475FBB}
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/14 13:08:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/14 13:06:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/09 15:10:19 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/09/17 12:04:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/08/13 15:07:43 | 000,005,097 | ---- | C] () -- C:\Windows\fred2_open_3_6_12r_INF.INI
[2010/08/13 15:07:37 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12d_INF.INI
[2010/06/29 21:36:11 | 000,004,592 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3r_INF.INI
[2010/06/29 21:36:06 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3d_INF.INI
[2010/06/18 13:36:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2010/08/12 15:17:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Amazon
[2008/04/10 15:37:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Atari
[2012/02/17 22:47:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AVG2012
[2010/10/31 13:39:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock
[2011/05/15 01:15:25 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock2
[2009/09/18 11:00:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Birdstep Technology
[2009/02/23 02:21:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools
[2011/12/18 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Lite
[2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Pro
[2008/03/01 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\eMule
[2009/07/19 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\kompozer.net
[2011/01/15 11:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Softland
[2009/06/09 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Stardock
[2011/03/15 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SystemRequirementsLab
[2009/03/04 10:47:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\The Creative Assembly
[2009/08/30 14:53:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Vodafone
[2012/03/05 02:17:41 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/01/19 13:55:26 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/03/05 23:03:48 | 000,011,820 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/29 01:13:14 | 004,194,322 | ---- | M] () -- C:\memory_map.tga
[2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/02 22:33:23 | 000,102,800 | ---- | M] () -- C:\OTL.Txt
[2012/03/05 22:48:52 | 3801,743,360 | -HS- | M] () -- C:\pagefile.sys
[2008/04/04 16:30:53 | 000,000,436 | ---- | M] () -- C:\profile.txt
[2012/03/05 00:43:38 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2010/06/16 20:05:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/06/16 22:44:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/06/17 13:48:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/06/17 13:56:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/06/17 13:56:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/06/17 21:49:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/06/17 22:20:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/06/18 13:31:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/06/29 22:29:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/10/15 00:55:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/06/12 21:02:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/06/12 21:47:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/06/13 08:04:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/06/15 20:12:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/06/15 23:53:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/06/16 17:27:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/06/16 18:56:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/06/16 19:54:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/06/16 19:58:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/06/16 20:03:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/06/16 20:05:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/06/16 22:44:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/06/17 13:48:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/06/17 13:56:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/06/17 13:56:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/06/17 21:49:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/06/17 22:20:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/06/18 13:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/06/29 22:29:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/10/15 00:55:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/06/12 21:02:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/06/12 21:47:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/06/13 08:04:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/06/15 20:12:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/06/15 23:53:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/06/16 17:27:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/06/16 18:56:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/06/16 19:54:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/06/16 19:58:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/06/16 20:03:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2012/03/01 17:10:41 | 000,003,472 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_01.03.2012_17.10.33_log.txt
[2012/03/01 17:21:53 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_01.03.2012_17.21.47_log.txt
[2012/02/26 01:25:04 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_01.22.01_log.txt
[2012/02/26 02:02:01 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_02.01.21_log.txt
[2012/02/26 13:14:07 | 000,072,818 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_13.13.10_log.txt
[2012/02/27 02:45:24 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_27.02.2012_02.43.58_log.txt
[2012/02/27 04:16:29 | 000,074,048 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_27.02.2012_04.15.46_log.txt
[2012/02/28 07:12:48 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_07.12.42_log.txt
[2012/02/28 07:13:56 | 000,073,920 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_07.12.58_log.txt
[2012/02/28 16:30:35 | 000,074,048 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_16.29.33_log.txt
[2012/03/01 17:23:16 | 000,073,920 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_01.03.2012_17.22.22_log.txt
[2012/03/03 05:17:46 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_03.03.2012_05.17.42_log.txt
[2012/03/03 05:26:06 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_03.03.2012_05.26.01_log.txt
[2012/03/03 05:27:06 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_03.03.2012_05.26.20_log.txt
[2012/03/04 02:39:35 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_04.03.2012_02.39.02_log.txt
[2012/03/04 22:40:07 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_04.03.2012_22.38.56_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/03/14 13:24:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/01/30 08:44:30 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\dlbtPP5C.DLL
[2007/06/27 12:04:44 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5k2.dll
[2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/05/05 00:50:19 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
[2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/08/30 14:46:57 | 000,000,574 | -HS- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Mark\Desktop\boot_cleaner.exe
[2012/03/05 01:00:55 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/03/01 07:39:45 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
[2012/02/26 23:56:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
[2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
[2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/03/02 07:30:17 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
[2012/03/05 00:27:42 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.exe
[2012/02/29 07:11:26 | 001,281,024 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
[2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/05/31 15:52:57 | 007,831,552 | ---- | M] () -- C:\Program Files\Common Files\01.mpeg
[2009/05/31 15:52:23 | 007,759,872 | ---- | M] () -- C:\Program Files\Common Files\02.mpeg
[2009/05/31 15:55:11 | 007,792,640 | ---- | M] () -- C:\Program Files\Common Files\03.mpeg
[2009/06/03 11:18:42 | 002,546,976 | ---- | M] () -- C:\Program Files\Common Files\032.wmv
[2009/06/09 15:25:03 | 000,000,349 | ---- | M] () -- C:\Program Files\Common Files\04.htm
[2009/05/31 15:55:22 | 007,794,688 | ---- | M] () -- C:\Program Files\Common Files\04.mpeg
[2009/06/17 08:58:29 | 002,260,966 | ---- | M] () -- C:\Program Files\Common Files\31.mpeg

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/02/11 19:40:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/03/05 04:36:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/05 02:13:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/05 04:36:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/05 02:17:41 | 000,032,602 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

 

[Pr011]

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/02/22 00:19:21 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/02/22 00:18:49 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/02/22 00:18:49 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/08/30 14:46:57 | 000,000,402 | -HS- | M] () -- C:\Users\Mark\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2008/08/20 15:45:46 | 000,020,270 | ---- | M] () -- C:\ProgramData\DeviceInstaller.xml
[2009/04/07 12:42:58 | 000,141,006 | ---- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/03/22 15:36:22 | 000,003,499 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2009/05/05 00:47:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

< End of report >

 

[Pr011]

OTL doesn't seem to have created an extras.txt log...

 

[Pr011]

System appears stable with no pop ups so far

 

[Broni]

Good

OTL doesn't seem to have created an extras.txt log...

That's fine but I want you to re-run OTL from normal mode and stay in normal mode.

 

[Pr011]

System rebooted into normal mode without problems, OTL ran without problems, still no extra.txt log, log below:

OTL logfile created on: 05/03/2012 23:34:03 - Run 3
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19190)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 72.32% Memory free
6.68 Gb Paging File | 5.84 Gb Available in Paging File | 87.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 33.48 Gb Free Space | 22.46% Space Free | Partition Type: NTFS
Drive F: | 596.17 Gb Total Space | 323.89 Gb Free Space | 54.33% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2012/02/10 04:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/10 03:02:27 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/10 03:02:07 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2012/02/09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/10/13 09:31:58 | 002,042,088 | ---- | M] (GameStop Corp.) -- C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 23:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/11/04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/05/26 15:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
PRC - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
PRC - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) -- C:\Windows\System32\dlbtcoms.exe
PRC - [2005/08/31 10:46:50 | 001,691,648 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe


========== Modules (No Company Name) ==========

MOD - [2008/05/26 15:14:58 | 000,011,776 | ---- | M] () -- C:\Program Files\Virgin Broadband Wireless\AffinegyServicePS.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2005/08/31 10:46:50 | 001,691,648 | ---- | M] () -- C:\Program Files\NETGEAR\WG311v3\WG311v3.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WUSB54GSv2SVC)
SRV - File not found [Auto | Stopped] -- -- (vmparport)
SRV - File not found [Auto | Stopped] -- -- (tvtpktfilter)
SRV - File not found [Auto | Stopped] -- -- (qmofiltr)
SRV - File not found [Auto | Stopped] -- -- (pserve)
SRV - File not found [Auto | Stopped] -- -- (k750mdfl)
SRV - File not found [Auto | Stopped] -- -- (hcf_msft)
SRV - File not found [Auto | Stopped] -- -- (datasvr2)
SRV - File not found [Auto | Stopped] -- -- (clsched)
SRV - File not found [Auto | Stopped] -- -- (amdk77)
SRV - [2012/02/10 04:13:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/09 20:05:32 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/07 21:42:02 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/12 10:49:39 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- f:\Program Files\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/11/04 11:39:20 | 000,014,336 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/05/26 15:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/07 00:50:14 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (jbridgep)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [File_System | System | Stopped] -- -- (DfsC)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (avtjmzhy)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (AFGMp50)
DRV - [2012/02/10 04:13:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/04/10 21:46:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/01/02 13:26:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/12/13 17:37:38 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/08/22 18:56:12 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/08/22 18:56:08 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/08/22 18:55:54 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/08/22 18:55:46 | 000,007,168 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/10 20:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/05/26 15:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2007/10/16 17:14:24 | 000,256,512 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW13B.sys -- (MRV6X32P)
DRV - [2007/08/09 18:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/10/18 05:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | Auto | Running] -- C:\Windows\System32\mbmiodrvr.sys -- (mbmiodrvr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIH_enGB276
IE - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 13:17:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/13 19:24:17 | 000,000,000 | ---D | M]

[2010/06/18 13:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2011/06/17 13:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions
[2010/06/28 23:49:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/02/26 13:18:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/26 13:17:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/24 22:55:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/26 13:17:54 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/26 13:17:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/26 13:17:54 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/26 13:17:54 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/26 13:17:54 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/03/05 23:01:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [DLBTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
O4 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Impulse Now.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (GameStop Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O15 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..Trusted Domains: mod.uk ([www.westminster] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (CDownloadCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E5E81D0-275A-46BF-84A0-ECC564B15F1F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB12445B-E6D0-47E8-832C-8FAC67E87EAF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA0E5921-34A6-45FB-A06D-F64850E85263}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3D88CD5-9C0B-4699-9FC5-727F8FD0DD72}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: qmofiltr - File not found
NetSvcs: pserve - File not found
NetSvcs: vmparport - File not found
NetSvcs: k750mdfl - File not found
NetSvcs: delldmi - File not found
NetSvcs: hcf_msft - File not found
NetSvcs: knobserv - File not found
NetSvcs: tvtpktfilter - File not found
NetSvcs: datasvr2 - File not found
NetSvcs: amdk77 - File not found
NetSvcs: clsched - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 23:30:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/05 23:03:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/05 23:03:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
[2012/03/05 22:53:05 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/05 01:00:55 | 004,426,766 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/03/04 23:37:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/04 23:37:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/04 23:37:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/03 08:28:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/02 07:20:44 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
[2012/03/01 17:22:08 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2012/03/01 07:39:44 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
[2012/02/29 07:12:21 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Mark\Desktop\boot_cleaner.exe
[2012/02/26 23:57:34 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\GooredFix Backups
[2012/02/26 23:56:55 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
[2012/02/26 22:19:55 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/02/26 01:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/26 01:13:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\RK_Quarantine
[2012/02/25 02:46:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/25 02:45:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/25 02:08:28 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
[2012/02/24 23:16:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2012/02/24 22:59:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/24 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/24 22:59:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/24 22:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/22 00:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/02/22 00:15:02 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/17 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\AVG2012
[2012/02/17 22:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/17 20:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/02/17 20:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/05 23:36:35 | 000,602,846 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/05 23:36:35 | 000,106,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/05 23:31:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/05 23:31:05 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 23:31:04 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 23:30:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/05 23:30:57 | 3488,145,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/03/05 23:01:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/05 22:49:30 | 000,362,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/05 02:57:42 | 000,002,032 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2012/03/05 02:13:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/05 01:00:55 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/03/05 00:27:42 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.exe
[2012/03/05 00:27:29 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.scr
[2012/03/05 00:27:13 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.com
[2012/03/04 22:38:02 | 252,443,841 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/03 05:35:44 | 000,000,512 | ---- | M] () -- C:\Users\Mark\Desktop\MBR.dat
[2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2012/03/02 07:30:17 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
[2012/03/01 17:21:59 | 002,045,015 | ---- | M] () -- C:\Users\Mark\Desktop\tdsskiller.zip
[2012/03/01 07:39:45 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
[2012/02/29 07:11:26 | 001,281,024 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
[2012/02/28 07:12:02 | 000,000,832 | ---- | M] () -- C:\Users\Mark\Desktop\WinRAR.lnk
[2012/02/26 23:56:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
[2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
[2012/02/24 23:16:05 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\dds.scr
[2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
[2012/02/12 11:52:27 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012/02/12 00:16:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2012/02/12 00:08:17 | 000,153,088 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/11 19:40:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/02/10 04:13:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2012/02/10 04:13:00 | 000,008,772 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2012/02/09 20:05:44 | 000,416,064 | ---- | M] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/08 01:49:14 | 002,557,112 | ---- | M] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/05 23:30:57 | 3488,145,408 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/05 00:27:38 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.exe
[2012/03/05 00:27:24 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.scr
[2012/03/05 00:27:09 | 001,008,141 | ---- | C] () -- C:\Users\Mark\Desktop\rkill.com
[2012/03/04 23:37:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/04 23:37:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/04 23:37:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/04 23:37:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/04 23:37:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/03 05:35:44 | 000,000,512 | ---- | C] () -- C:\Users\Mark\Desktop\MBR.dat
[2012/03/01 17:21:57 | 002,045,015 | ---- | C] () -- C:\Users\Mark\Desktop\tdsskiller.zip
[2012/02/29 07:11:25 | 001,281,024 | ---- | C] () -- C:\Users\Mark\Desktop\RogueKiller.exe
[2012/02/28 07:12:02 | 000,000,832 | ---- | C] () -- C:\Users\Mark\Desktop\WinRAR.lnk
[2012/02/26 04:11:39 | 000,139,264 | ---- | C] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/02/24 23:14:19 | 000,302,592 | ---- | C] () -- C:\Users\Mark\Desktop\jywt1xli.exe
[2012/02/22 00:15:02 | 000,008,772 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2012/02/12 11:06:51 | 252,443,841 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/09 20:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/02/08 01:42:25 | 002,557,112 | ---- | C] () -- C:\Users\Mark\Documents\Induction Pack 2010 V2.1.pdf
[2011/12/18 15:27:34 | 000,069,632 | ---- | C] () -- C:\Windows\UNINSTCC.EXE
[2011/08/21 13:23:23 | 000,000,000 | ---- | C] () -- C:\Users\Mark\AppData\Local\{A847AE50-89B7-42EA-85C7-1A7112475FBB}
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/03/14 13:08:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/14 13:06:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/09 15:10:19 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/09/17 12:04:37 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/08/13 15:07:43 | 000,005,097 | ---- | C] () -- C:\Windows\fred2_open_3_6_12r_INF.INI
[2010/08/13 15:07:37 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12d_INF.INI
[2010/06/29 21:36:11 | 000,004,592 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3r_INF.INI
[2010/06/29 21:36:06 | 000,000,453 | ---- | C] () -- C:\Windows\fred2_open_3_6_12_RC3d_INF.INI
[2010/06/18 13:36:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== LOP Check ==========

[2010/08/12 15:17:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Amazon
[2008/04/10 15:37:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Atari
[2012/02/17 22:47:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AVG2012
[2010/10/31 13:39:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock
[2011/05/15 01:15:25 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bioshock2
[2009/09/18 11:00:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Birdstep Technology
[2009/02/23 02:21:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools
[2011/12/18 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Lite
[2008/12/13 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\DAEMON Tools Pro
[2008/03/01 20:39:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\eMule
[2009/07/19 20:44:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\kompozer.net
[2011/01/15 11:53:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Softland
[2009/06/09 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Stardock
[2011/03/15 14:37:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SystemRequirementsLab
[2009/03/04 10:47:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\The Creative Assembly
[2009/08/30 14:53:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Vodafone
[2012/03/05 02:17:41 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/01/19 13:55:26 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/03/05 23:03:48 | 000,011,820 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/03/05 23:30:57 | 3488,145,408 | -HS- | M] () -- C:\hiberfil.sys
[2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/04/29 01:13:14 | 004,194,322 | ---- | M] () -- C:\memory_map.tga
[2008/03/01 22:42:57 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/02 22:33:23 | 000,102,800 | ---- | M] () -- C:\OTL.Txt
[2012/03/05 23:30:56 | 3801,743,360 | -HS- | M] () -- C:\pagefile.sys
[2008/04/04 16:30:53 | 000,000,436 | ---- | M] () -- C:\profile.txt
[2012/03/05 00:43:38 | 000,000,370 | ---- | M] () -- C:\rkill.log
[2010/06/16 20:05:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/06/16 22:44:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/06/17 13:48:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/06/17 13:56:01 | 000,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/06/17 13:56:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/06/17 21:49:22 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/06/17 22:20:16 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/06/18 13:31:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/06/29 22:29:54 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2011/10/15 00:55:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/06/12 21:02:56 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/06/12 21:47:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/06/13 08:04:11 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/06/15 20:12:20 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/06/15 23:53:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/06/16 17:27:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/06/16 18:56:39 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/06/16 19:54:51 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/06/16 19:58:14 | 000,000,232 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/06/16 20:03:50 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/06/16 20:05:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/06/16 22:44:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/06/17 13:48:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/06/17 13:56:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/06/17 13:56:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/06/17 21:49:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/06/17 22:20:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/06/18 13:31:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/06/29 22:29:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2011/10/15 00:55:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/06/12 21:02:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/06/12 21:47:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/06/13 08:04:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/06/15 20:12:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/06/15 23:53:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/06/16 17:27:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/06/16 18:56:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/06/16 19:54:51 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/06/16 19:58:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/06/16 20:03:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2012/03/01 17:10:41 | 000,003,472 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_01.03.2012_17.10.33_log.txt
[2012/03/01 17:21:53 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_01.03.2012_17.21.47_log.txt
[2012/02/26 01:25:04 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_01.22.01_log.txt
[2012/02/26 02:02:01 | 000,073,982 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_02.01.21_log.txt
[2012/02/26 13:14:07 | 000,072,818 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_26.02.2012_13.13.10_log.txt
[2012/02/27 02:45:24 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_27.02.2012_02.43.58_log.txt
[2012/02/27 04:16:29 | 000,074,048 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_27.02.2012_04.15.46_log.txt
[2012/02/28 07:12:48 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_07.12.42_log.txt
[2012/02/28 07:13:56 | 000,073,920 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_07.12.58_log.txt
[2012/02/28 16:30:35 | 000,074,048 | ---- | M] () -- C:\TDSSKiller.2.7.14.0_28.02.2012_16.29.33_log.txt
[2012/03/01 17:23:16 | 000,073,920 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_01.03.2012_17.22.22_log.txt
[2012/03/03 05:17:46 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_03.03.2012_05.17.42_log.txt
[2012/03/03 05:26:06 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.17.0_03.03.2012_05.26.01_log.txt
[2012/03/03 05:27:06 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_03.03.2012_05.26.20_log.txt
[2012/03/04 02:39:35 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_04.03.2012_02.39.02_log.txt
[2012/03/04 22:40:07 | 000,073,900 | ---- | M] () -- C:\TDSSKiller.2.7.18.0_04.03.2012_22.38.56_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/03/14 13:24:29 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/01/30 08:44:30 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\system32\spool\prtprocs\w32x86\dlbtPP5C.DLL
[2007/06/27 12:04:44 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5k2.dll
[2006/11/02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/05/05 00:50:19 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2003/09/03 07:46:54 | 000,010,960 | ---- | M] () -- C:\Program Files\EULA.txt
[2003/12/18 11:33:46 | 000,020,102 | ---- | M] () -- C:\Program Files\Readme.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/08/30 14:46:57 | 000,000,574 | -HS- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/25 02:09:11 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Mark\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Mark\Desktop\boot_cleaner.exe
[2012/03/05 01:00:55 | 004,426,766 | R--- | M] (Swearware) -- C:\Users\Mark\Desktop\ComboFix.exe
[2012/03/01 07:39:45 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Mark\Desktop\FixTDSS.exe
[2012/02/26 23:56:56 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Mark\Desktop\GooredFix.exe
[2012/02/24 23:14:22 | 000,302,592 | ---- | M] () -- C:\Users\Mark\Desktop\jywt1xli.exe
[2012/03/05 23:13:35 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/03/02 07:30:17 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Mark\Desktop\OTLPENet.exe
[2012/03/05 00:27:42 | 001,008,141 | ---- | M] () -- C:\Users\Mark\Desktop\rkill.exe
[2012/02/29 07:11:26 | 001,281,024 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKiller.exe
[2012/02/26 04:11:39 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/03/02 09:40:38 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >
[2009/05/31 15:52:57 | 007,831,552 | ---- | M] () -- C:\Program Files\Common Files\01.mpeg
[2009/05/31 15:52:23 | 007,759,872 | ---- | M] () -- C:\Program Files\Common Files\02.mpeg
[2009/05/31 15:55:11 | 007,792,640 | ---- | M] () -- C:\Program Files\Common Files\03.mpeg
[2009/06/03 11:18:42 | 002,546,976 | ---- | M] () -- C:\Program Files\Common Files\032.wmv
[2009/06/09 15:25:03 | 000,000,349 | ---- | M] () -- C:\Program Files\Common Files\04.htm
[2009/05/31 15:55:22 | 007,794,688 | ---- | M] () -- C:\Program Files\Common Files\04.mpeg
[2009/06/17 08:58:29 | 002,260,966 | ---- | M] () -- C:\Program Files\Common Files\31.mpeg

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/02/11 19:40:26 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/03/05 23:31:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/05 02:13:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/05 23:31:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/05 02:17:41 | 000,032,602 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

 

[Pr011]

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/02/22 00:19:21 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/02/22 00:18:49 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2009/05/05 00:49:23 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/02/22 00:18:49 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/08/30 14:46:57 | 000,000,402 | -HS- | M] () -- C:\Users\Mark\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2008/08/20 15:45:46 | 000,020,270 | ---- | M] () -- C:\ProgramData\DeviceInstaller.xml
[2009/04/07 12:42:58 | 000,141,006 | ---- | M] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/03/22 15:36:22 | 000,003,499 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2009/05/05 00:47:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

< End of report >

 

[Broni]

You can reinstall AVG at any time.

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  DRV - File not found [Kernel | On_Demand | Unknown] -- -- (avtjmzhy)
  O15 - HKU\S-1-5-21-1867690454-3942458551-2479712260-1000\..Trusted Domains: mod.uk ([www.westminster] https in Trusted sites)
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Pr011]

All processes killed
========== OTL ==========
Error: No service named avtjmzhy was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avtjmzhy deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mod.uk\www.westminster\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mark
->Temp folder emptied: 85866 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27494930 bytes
->Flash cache emptied: 1977334 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 230210 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 815844 bytes

Total Files Cleaned = 29.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mark
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mark
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03062012_000253

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[Pr011]

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
CCleaner (remove only)
Java(TM) 6 Update 31
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player ( 10.3.181.22) Flash Player Out of Date!
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

 

[Pr011]

Farbar Service Scanner Version: 01-03-2012
Ran by Mark (administrator) on 06-03-2012 at 00:07:57
Running from "C:\Users\Mark\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Yahoo IP returend error: Yahoo IP is offline


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to retrieve start type of MpsSvc. The value does not exist.
Checking ImagePath: Attention! Unable to retrieve ImagePath of MpsSvc. The value does not exist.
Unable to retrieve ServiceDll of MpsSvc. The value does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Pr011]

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mark
->Temp folder emptied: 81478 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19180452 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9769 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 18.00 mb

 

[Pr011]

Just running the online scan.

 

[Pr011]

C:\Documents and Settings\Mark\Downloads\SoftonicDownloader_for_emergency-boot-cd-rom.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Documents and Settings\Mark\Downloads\SoftonicDownloader_for_warzone-2100.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\amdagp.dll.vir probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\dfsc.sys.vir a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\01.03.2012_17.22.22\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.03.2012_05.26.20\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.03.2012_02.39.02\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\04.03.2012_22.38.56\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.02.2012_01.22.01\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.02.2012_02.01.21\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.02.2012_02.43.58\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\27.02.2012_04.15.46\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.02.2012_07.12.59\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\28.02.2012_16.29.35\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03032012_032837\C_Windows\System32\agpcpq.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03032012_032837\C_Windows\System32\YahooAUService.dll probably a variant of Win32/Sirefef.ER trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03032012_032837\C_Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined

 

[Pr011]

All of the scans have been completed as requested; logs above. I'm going to put AVG back on in the meantime.

 

[Broni]

Very well.

Uninstall Java(TM) 6 Update 7 .

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

====================================================================

Then we have some issues with missing registry keys.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/

Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Click Advanced.
Under Owner tab select the entry starting with you user name, example: Farbar(Farbar-PC\Farbar)
Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.

Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click legacy_mpssvc.reg and confirm the prompt.
Double-click legacy_bfe and confirm the prompt.
Double-click mpssvc.reg and confirm the prompt.
Double-click bfe.reg and confirm the prompt.

Please go back to the the Root key again while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.
Restart computer.
Post new FSS log.

 

[Pr011]

Above actions have been completed, log below:

Farbar Service Scanner Version: 01-03-2012
Ran by Mark (administrator) on 06-03-2012 at 04:04:50
Running from "C:\Users\Mark\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Broni]

Excellent!

If you reinstalled AVG already, make sure Windows firewall is on.

=================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Pr011]

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mark
->Temp folder emptied: 269109 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43910531 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85059 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 9072 bytes

Total Files Cleaned = 42.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Mark
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mark
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.35.1 log created on 03062012_042808

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[Pr011]

Above completed.

Broni, thank you very much for your help.

 

[Pr011]

Windows firewall is on and the system appears stable and faster.

 

[Broni]

Way to go!!

Good luck and stay safe