Unable to update spyware programs,or receive Microsoft updates


  • This topic is locked
5 replies to this topic

#1 omikronn

Posted 05 March 2010 - 07:53 AM

Hi - Recently my computer got infected with the rogue XP Antivirus 2009, and I thought Spyware Doctor had removed it. However, since then, I'm unable to connect to Microsoft updates, nor can I update Spyware Doctor, Spybot, AdAware, or Malwarebytes. Also, I'm not even able to access the websites related to Spybot or Malwarebytes, so I can't even download any definitions files manually!

GMER and OTL logs below - can someone advise please?

Omi.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-05 12:23:31
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MRJONE~1\LOCALS~1\Temp\pggcqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB3491FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB348EC80]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7483E52]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB3492580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB34A6900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB34A6B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB34AAB10]
SSDT B3AFEF1C ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB3492670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB348F210]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7484640]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF74848F4]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB34A6280]
SSDT B3AFEF3A ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB34A9F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB348F070]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7482B44]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB34A8180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB34A7F40]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7484D60]
SSDT B3AFEF44 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB3491BE0]
SSDT B3AFEF3F ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB3492190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB348F440]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF7484112]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB34A7200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB34A7080]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d07027 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d07027@001783171f5b 0xDA 0x59 0x45 0xE2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d07027@0023d6d7208c 0x5A 0xB0 0x23 0x5E ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d07027@0016dbb5678d 0x34 0xFA 0x4E 0xD8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d07027 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d07027@0016dbb5678d 0x89 0xC1 0x1F 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d07027@001783171f5b 0xDA 0x59 0x45 0xE2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d07027@0023d6d7208c 0x5A 0xB0 0x23 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d07027
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d07027@001783171f5b 0xDA 0x59 0x45 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d07027@0023d6d7208c 0x5A 0xB0 0x23 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d07027@0016dbb5678d 0x34 0xFA 0x4E 0xD8 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A92AD0F0-46F5-76C7-97A1-A2002EF3B69A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A92AD0F0-46F5-76C7-97A1-A2002EF3B69A}@iaooigodjkoepapcjd 0x6A 0x61 0x6A 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A92AD0F0-46F5-76C7-97A1-A2002EF3B69A}@haimcflnidfhfmpc 0x6A 0x61 0x6A 0x61 ...

---- EOF - GMER 1.0.15 ----



OTL logfile created on: 04/03/2010 21:53:21 - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Documents and Settings\MR JONES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 591.00 Mb Available Physical Memory | 58.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 500 750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.80 Gb Total Space | 51.84 Gb Free Space | 46.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MR-9E784D142F75
Current User Name: MR JONES
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/04 11:56:51 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MR JONES\Desktop\OTL.exe
PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/08/09 10:12:29 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/15 16:13:06 | 003,662,632 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/07/15 16:13:04 | 000,393,512 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2009/07/15 16:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/07/15 16:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 14:56:18 | 001,123,608 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe


========== Modules (SafeList) ==========

MOD - [2010/03/04 11:56:51 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MR JONES\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RpcSsSharedAccess) Remote Procedure Call (RPC)
SRV - File not found [Disabled | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (ewido anti-spyware 4.0 guard)
SRV - [2010/02/17 14:07:14 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/10/30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/24 11:17:32 | 001,169,232 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/08/09 10:12:29 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/15 16:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/07/15 16:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/02/15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/04/04 14:56:18 | 001,123,608 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2007/01/19 12:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/05/19 16:07:38 | 000,086,016 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\YPcservice.exe -- (YPCService)
SRV - [2003/05/14 17:45:04 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trle.net/
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8081

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.trle.net/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8081
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 8081
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8081
FF - prefs.js..network.proxy.no_proxies_on: "local,*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8081
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8081

FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Components: C:\Program Files\eMusic Remote\xulrunner\components [2008/07/24 18:32:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Remote\Extensions\\Plugins: C:\Program Files\eMusic Remote\xulrunner\plugins [2010/02/26 13:20:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\remoteExt@emusic.com: C:\Program Files\eMusic Remote\remoteExt [2007/10/24 22:04:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/02 09:33:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/02 09:31:55 | 000,000,000 | ---D | M]

[2010/03/02 09:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Mozilla\Extensions
[2009/08/15 18:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/03/04 10:10:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Mozilla\Firefox\Profiles\z3spznd3.default\extensions
[2010/03/02 09:36:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\MR JONES\Application Data\Mozilla\Firefox\Profiles\z3spznd3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/02 09:31:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/16 00:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 00:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 00:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 00:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/11/23 12:20:36 | 000,000,694 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Spyware Doctor\FilterLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Spyware Doctor\FilterLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Spyware Doctor\FilterLSP.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Spyware Doctor\FilterLSP.dll ()
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1219067117437 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.167,93.188.166.39
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (WLControl.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21 - SSODL: UiDbAdm - {4AD3F75C-FC3B-CAB7-F7D2-0AB9D8FDEBBC} - CLSID or File not found.
O24 - Desktop Components:0 (Silent Hill) - http://www.sonypictures.com/movies/silenth...site/index.html
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\MR JONES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MR JONES\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck autocheck ?µ?µ I ?µ?µReboot) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: () - File not found
O34 - HKLM BootExecute: (autocheck D9-A614) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autocheck µ) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/03/23 13:20:07 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/04 21:32:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/04 21:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/03/04 21:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\WTablet
[2010/03/04 11:56:53 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MR JONES\Desktop\OTL.exe
[2010/03/04 11:56:16 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\MR JONES\Desktop\erunt_setup.exe
[2010/03/04 11:56:02 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MR JONES\Desktop\TFC.exe
[2010/03/04 11:36:17 | 000,635,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\MR JONES\Desktop\OTS.exe
[2010/03/03 11:45:11 | 000,096,978 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\MR JONES\Desktop\VirtumundoBeGone.exe
[2010/03/03 11:25:39 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\MR JONES\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010/03/03 10:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/03 10:10:07 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\MR JONES\Desktop\HJTInstall.exe
[2010/03/03 02:20:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Desktop\avz4
[2010/03/02 21:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\DoctorWeb
[2010/03/02 10:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/02 10:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Application Data\SUPERAntiSpyware.com
[2010/03/02 10:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/03/02 10:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/03/02 09:33:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Local Settings\Application Data\Mozilla
[2010/03/02 09:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/28 18:36:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/28 18:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/02/28 17:15:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/02/28 15:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Application Data\Malwarebytes
[2010/02/28 15:55:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/28 15:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/28 15:55:29 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/28 15:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/28 15:29:44 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/02/28 15:29:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010/02/26 11:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/02/24 17:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Desktop\skyline
[2010/02/24 01:57:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Desktop\zoprium project
[2010/02/22 10:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Desktop\Digital Universe
[2010/02/21 17:44:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Desktop\Boondock Saints
[2010/02/21 17:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Desktop\Within Temptation - The Heart Of Everything
[2010/02/21 16:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Desktop\Wig Wam - Wigwamania
[2010/02/20 17:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Application Data\WTablet
[2010/02/20 16:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MR JONES\Application Data\WTouch
[2010/02/20 16:59:57 | 000,220,968 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Touch_Tablet.dll
[2010/02/20 16:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\WTouch
[2010/02/20 16:59:35 | 006,124,840 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\PenTablet.cpl
[2010/02/20 16:59:28 | 000,011,440 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\WacomVKHid.sys
[2010/02/20 16:59:19 | 000,011,312 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacommousefilter.sys
[2010/02/20 16:59:15 | 000,013,736 | ---- | C] (Wacom Technology) -- C:\WINDOWS\System32\drivers\wacomvhid.sys
[2010/02/20 16:59:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WTablet
[2010/02/20 16:59:07 | 000,392,488 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.dll
[2010/02/20 16:59:07 | 000,284,672 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Wintab32.dll
[2010/02/20 16:59:05 | 004,408,616 | ---- | C] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Pen_Tablet.exe
[2010/02/20 16:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Tablet
[2010/02/19 15:30:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\CyberLink
[2010/02/12 18:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/12 18:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/25 19:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/08/02 11:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/30 16:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/05/30 16:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Freecorder
[2009/05/30 16:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/30 16:44:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/05/27 10:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Panda Software
[2008/10/14 22:26:54 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\MR JONES\Application Data\pcouffin.sys
[2008/09/19 08:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2004/09/08 21:33:26 | 000,106,496 | ---- | C] ( ) -- C:\WINDOWS\System32\Screensaver.dll
[2004/07/13 20:36:46 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dsidebarpia.dll

========== Files - Modified Within 14 Days ==========

[2010/03/04 21:46:12 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/03/04 21:31:26 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\NTREGOPT.lnk
[2010/03/04 21:31:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\ERUNT.lnk
[2010/03/04 21:30:01 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/03/04 21:29:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/04 21:29:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/04 21:26:41 | 021,495,808 | ---- | M] () -- C:\Documents and Settings\MR JONES\ntuser.dat
[2010/03/04 21:26:41 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\MR JONES\ntuser.ini
[2010/03/04 11:57:14 | 007,020,394 | -H-- | M] () -- C:\Documents and Settings\MR JONES\Local Settings\Application Data\IconCache.db
[2010/03/04 11:56:51 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MR JONES\Desktop\OTL.exe
[2010/03/04 11:56:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\MR JONES\Desktop\erunt_setup.exe
[2010/03/04 11:55:59 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MR JONES\Desktop\TFC.exe
[2010/03/04 11:36:13 | 000,635,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MR JONES\Desktop\OTS.exe
[2010/03/04 11:35:18 | 000,794,112 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\The_Comedian.exe
[2010/03/03 21:38:33 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\dds.scr
[2010/03/03 21:29:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/03/03 11:45:07 | 000,096,978 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\MR JONES\Desktop\VirtumundoBeGone.exe
[2010/03/03 11:30:27 | 000,353,485 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\HostsXpert.zip
[2010/03/03 11:25:37 | 000,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\MR JONES\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010/03/03 10:27:16 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\HijackThis.lnk
[2010/03/03 10:10:06 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\MR JONES\Desktop\HJTInstall.exe
[2010/03/03 10:01:32 | 004,118,287 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\ComboFix.exe
[2010/03/03 01:20:53 | 032,618,800 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\552h7asg.exe
[2010/03/03 01:11:23 | 000,096,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2010/03/02 10:24:46 | 000,001,007 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/02 10:24:46 | 000,000,430 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/02 10:24:46 | 000,000,216 | -HS- | M] () -- C:\boot.ini
[2010/03/02 10:18:06 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/03/02 09:31:59 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/02 09:29:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/28 18:46:54 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MR JONES\regsvr32
[2010/02/28 15:55:37 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 15:33:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/28 15:33:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/28 15:29:19 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/26 21:23:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/26 16:41:42 | 002,705,975 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\PS3 manual.pdf
[2010/02/25 13:11:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/24 22:56:21 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\MR JONES\Application Data\vso_ts_preview.xml
[2010/02/24 12:37:29 | 000,429,636 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/24 12:37:29 | 000,066,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/24 12:37:28 | 000,504,926 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/23 23:16:54 | 000,057,713 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\wendy-combattente-guns-3.jpg
[2010/02/22 18:17:36 | 014,583,759 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\Cracker - Sidi Ifni.wmv
[2010/02/22 18:02:34 | 000,189,952 | ---- | M] () -- C:\Documents and Settings\MR JONES\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/21 14:22:21 | 000,058,528 | ---- | M] () -- C:\Documents and Settings\MR JONES\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/21 12:36:23 | 000,002,477 | ---- | M] () -- C:\Documents and Settings\MR JONES\Desktop\ZBrush3.exe.lnk
[2010/02/20 18:55:54 | 000,000,439 | ---- | M] () -- C:\WINDOWS\System32\TouchTabletUserDefaults.xml
[2010/02/20 18:55:54 | 000,000,439 | ---- | M] () -- C:\WINDOWS\System32\PenTabletUserDefaults.xml
[2010/02/20 09:21:05 | 002,287,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/03/04 21:44:07 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\gmer.exe
[2010/03/04 21:31:26 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\NTREGOPT.lnk
[2010/03/04 21:31:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\ERUNT.lnk
[2010/03/04 11:35:25 | 000,794,112 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\The_Comedian.exe
[2010/03/03 21:38:39 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\dds.scr
[2010/03/03 11:30:32 | 000,353,485 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\HostsXpert.zip
[2010/03/03 10:27:16 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\HijackThis.lnk
[2010/03/03 10:01:56 | 004,118,287 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\ComboFix.exe
[2010/03/03 01:18:24 | 032,618,800 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\552h7asg.exe
[2010/03/02 10:18:06 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010/03/02 09:31:59 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/28 18:46:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MR JONES\regsvr32
[2010/02/28 15:55:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 15:33:41 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/28 15:33:41 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/28 15:33:40 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/28 15:33:40 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/28 15:29:19 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/26 16:41:42 | 002,705,975 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\PS3 manual.pdf
[2010/02/23 23:17:20 | 000,057,713 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\wendy-combattente-guns-3.jpg
[2010/02/22 18:11:29 | 014,583,759 | ---- | C] () -- C:\Documents and Settings\MR JONES\Desktop\Cracker - Sidi Ifni.wmv
[2010/02/20 16:59:36 | 001,593,072 | ---- | C] () -- C:\WINDOWS\System32\PenTablet.znc
[2010/02/20 16:59:01 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\TouchTabletUserDefaults.xml
[2010/02/20 16:59:01 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\PenTabletUserDefaults.xml
[2010/02/11 22:40:21 | 000,009,510 | -HS- | C] () -- C:\Documents and Settings\MR JONES\Local Settings\Application Data\yBoE8
[2010/02/08 22:08:44 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/02/08 22:08:44 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/01/18 15:57:43 | 000,004,896 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kbkwknay.ayh
[2010/01/18 03:00:56 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/01/03 12:31:57 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/12/31 09:15:54 | 000,000,318 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2009/07/26 11:14:26 | 000,000,159 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/05/28 00:01:31 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/07 15:10:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2009/04/07 15:10:09 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dxinputdll.dll
[2009/02/01 17:54:53 | 000,000,062 | ---- | C] () -- C:\WINDOWS\MyProg.ini
[2008/11/09 23:34:07 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Easy MOV Converter.INI
[2008/10/17 11:22:08 | 000,008,387 | ---- | C] () -- C:\Documents and Settings\MR JONES\Local Settings\Application Data\ShLog.txt
[2008/10/14 22:27:35 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\MR JONES\Application Data\vso_ts_preview.xml
[2008/10/14 22:26:55 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\MR JONES\Application Data\pcouffin.log
[2008/10/14 22:26:54 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\MR JONES\Application Data\inst.exe
[2008/10/14 22:26:54 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\MR JONES\Application Data\pcouffin.cat
[2008/10/14 22:26:54 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\MR JONES\Application Data\pcouffin.inf
[2008/10/14 09:43:29 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/08/21 22:35:52 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/08/20 22:31:43 | 000,004,987 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2008/07/26 15:23:24 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/05/08 19:20:22 | 000,007,070 | ---- | C] () -- C:\WINDOWS\hotblack.ini
[2008/04/06 10:59:14 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2008/04/06 10:59:14 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2008/03/24 14:18:09 | 000,002,839 | ---- | C] () -- C:\WINDOWS\SubCreator.INI
[2008/02/08 22:30:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/01/24 23:05:33 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Easy RM RMVB to DVD Burner.INI
[2008/01/20 14:25:57 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys
[2008/01/18 12:41:28 | 000,000,737 | ---- | C] () -- C:\WINDOWS\AudioDVD.INI
[2008/01/18 11:35:34 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Apollo Audio DVD Creator.INI
[2007/12/03 19:17:08 | 000,001,347 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/11/29 07:29:43 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/29 07:26:20 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED92Exp.ini
[2007/10/05 10:05:05 | 002,293,712 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2007/08/18 20:21:19 | 001,319,936 | ---- | C] () -- C:\WINDOWS\libmmfile.dll
[2007/08/18 20:21:19 | 000,869,888 | ---- | C] () -- C:\WINDOWS\sgl.dll
[2007/08/18 20:21:19 | 000,749,568 | ---- | C] () -- C:\WINDOWS\hg_sgl.dll
[2007/08/18 20:21:19 | 000,727,040 | ---- | C] () -- C:\WINDOWS\libmatlb.dll
[2007/08/18 20:21:19 | 000,398,848 | ---- | C] () -- C:\WINDOWS\gui_sgl.dll
[2007/08/18 20:21:19 | 000,100,352 | ---- | C] () -- C:\WINDOWS\hardcopy_sgl.dll
[2007/08/18 20:21:19 | 000,080,896 | ---- | C] () -- C:\WINDOWS\libmat.dll
[2007/08/18 20:21:19 | 000,055,808 | ---- | C] () -- C:\WINDOWS\libmx.dll
[2007/07/25 14:24:30 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/07/16 13:39:41 | 000,007,071 | ---- | C] () -- C:\WINDOWS\raunchy.ini
[2007/07/16 13:39:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Windckl9.dll
[2007/06/02 11:46:32 | 000,153,840 | ---- | C] () -- C:\WINDOWS\System32\ARThumb.dll
[2007/01/15 11:59:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/01/10 08:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/11/12 21:42:03 | 000,000,520 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2006/11/04 11:58:02 | 000,121,562 | ---- | C] () -- C:\WINDOWS\System32\picformat32.dll
[2006/11/02 15:51:33 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2006/08/22 00:47:46 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini
[2006/08/22 00:47:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\gscr.dll
[2006/07/02 21:01:17 | 002,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2006/05/06 12:51:42 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\MR JONES\Local Settings\Application Data\fusioncache.dat
[2006/02/26 15:08:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/02/11 16:10:07 | 000,000,059 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2006/02/11 16:10:07 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2006/02/11 16:10:07 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2005/10/12 17:11:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sirenacm(2).dll
[2005/05/29 16:14:15 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/05/08 20:58:57 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\pwrupcid.dll
[2005/04/30 22:43:04 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/30 22:33:40 | 000,000,083 | ---- | C] () -- C:\WINDOWS\TBPlugin.INI
[2005/04/30 22:33:40 | 000,000,058 | ---- | C] () -- C:\WINDOWS\avconfig.ini
[2005/04/28 04:22:34 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/04/28 04:22:34 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/04/24 11:22:43 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/04/10 22:09:53 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll.off
[2005/04/10 22:09:53 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll.off
[2005/04/09 15:01:31 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/04/07 23:06:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/04/06 12:58:20 | 000,007,872 | ---- | C] () -- C:\Documents and Settings\MR JONES\Application Data\wklnhst.dat
[2005/03/30 13:52:09 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC66SeriesEuro.ini
[2005/03/26 10:06:20 | 000,189,952 | ---- | C] () -- C:\Documents and Settings\MR JONES\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/03/23 13:34:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2005/03/23 13:33:04 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2005/03/23 13:32:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004/08/04 12:00:00 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2003/08/28 13:19:08 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\P_MPEG4.dll
[2003/01/25 14:36:50 | 000,254,013 | ---- | C] () -- C:\WINDOWS\System32\lib_wave.dll
[2002/10/15 22:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2000/09/29 09:45:50 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\GLUT32.DLL
[2000/01/11 13:11:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\WinBeep.dll
[2000/01/07 00:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/07 00:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1999/06/14 11:48:48 | 000,119,296 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/05/30 16:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/02/02 17:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009/05/30 15:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2008/07/09 15:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/11/30 14:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2008/11/30 14:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation(2)
[2007/12/03 19:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/01/18 15:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Goland
[2008/10/20 17:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2008/07/09 16:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/10/12 10:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2005/05/21 16:40:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2008/01/19 21:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
[2008/10/20 17:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/05/20 18:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2010/03/04 21:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/25 06:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/11/29 07:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2008/10/15 00:04:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/08/21 14:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\whgvenqb
[2009/01/30 00:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoGen
[2010/02/28 15:29:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2008/11/10 00:37:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\MR JONES\Application Data\.#
[2008/01/19 20:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\.wyzo
[2009/02/01 20:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\ABToolbar
[2009/02/25 23:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Amazon
[2010/02/15 20:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Ambient Design
[2008/01/28 11:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Any Video Converter
[2008/06/27 06:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Any Video Converter Professional
[2009/07/26 12:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Babylon
[2006/03/26 22:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Desktop Sidebar
[2007/10/24 22:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\eMusic
[2010/01/18 03:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\FotoWire
[2010/02/08 22:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Games
[2008/01/26 12:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\GetRightToGo
[2008/01/20 13:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\ImgBurn
[2009/08/15 18:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\IMVU
[2009/08/15 18:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\IMVUClient
[2008/08/15 12:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\iPodder
[2009/04/07 15:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\KALiNKOsoft
[2005/10/29 16:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Leadertech
[2010/01/20 22:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\MenuShrink
[2008/06/07 14:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Motorola
[2005/04/18 17:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\MSNInstaller
[2006/02/23 10:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Musicmatch
[2006/05/06 14:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\NASA
[2005/05/15 12:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\OD2
[2006/10/22 15:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Paltalk
[2008/01/19 21:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Participatory Culture Foundation
[2008/07/09 16:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\PCToolsFirewallPlus
[2005/04/24 13:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Prevx
[2008/10/17 11:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Regrun
[2007/06/09 18:13:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\SecondLife
[2005/08/02 19:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Secretmaker
[2008/03/04 15:51:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\SEGA
[2006/07/08 12:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\STOIK
[2008/06/07 14:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Teleca
[2005/04/06 12:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Template
[2006/10/01 13:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Temporary
[2009/01/29 23:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Thinstall
[2008/08/21 22:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\TrojanHunter
[2008/10/20 17:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Tunebite
[2008/02/17 14:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\TuneUp Software
[2010/02/16 20:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\uTorrent
[2010/02/24 22:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\Vso
[2006/04/06 18:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\WholeSecurity
[2010/02/20 17:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MR JONES\Application Data\WTouch
[2008/04/25 08:27:38 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010/02/28 15:33:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/03/03 21:29:09 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/02/28 15:33:44 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/03/02 09:29:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2001/05/24 11:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: AGP440.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/06/11 01:56:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/06/11 01:56:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/06/11 01:56:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/06/11 01:56:04 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2010/03/03 01:11:23 | 000,096,512 | ---- | M] () MD5=EC04245E83AF4B7BD43E52E0F48FB871 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 12:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/03/23 13:05:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/03/23 13:05:25 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/03/23 13:05:25 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 349 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 168 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\WINDOWS\System32\zlib.dll:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\WINDOWS\System32\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:661DFA1C
< End of report >


OTL Extras logfile created on: 04/03/2010 21:53:21 - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Documents and Settings\MR JONES\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 591.00 Mb Available Physical Memory | 58.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 500 750 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.80 Gb Total Space | 51.84 Gb Free Space | 46.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MR-9E784D142F75
Current User Name: MR JONES
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" = C:\Program Files\Yahoo!\Messenger\ypager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- File not found
"C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D433ADB-010F-4024-AF9E-D7D0855AAFC9}" = USB GAME PAD
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{339E14FF-8FDC-4809-AAF2-87BA22905C7F}" = DirectX for Managed Code Update (December 2004)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{655EE3B7-0113-4C5E-B147-B82BA325643F}" = Saitek SST Programming Software
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70CCD7C5-39E3-40C4-92CB-0A4281CE3B99}" = Motorola Driver Installation
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.0.55
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{84EA7468-47F2-4CAA-9A26-782E47191453}" = MPEG4 Decoder Plug-in
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}" =
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ADBACDF0-9D21-445A-92AF-78019EB1B7C3}" = ArtRage Studio Pro
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B695F0BF-D610-4C5E-B7AC-C9FF6C172CC0}" = Diskeeper 2008 Pro Premier
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2476360-D377-4052-A4AF-93A2EB0AB610}" = Movavi Video Converter 9
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C80E77-E549-4F76-BC07-61DDBD950345}" = Silent Hill 2
"{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBEDD989-D0C3-4DF4-A41C-5FC9DD693E18}" = Agatha Christie - Murder on the Orient Express
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4" = 4 Screensaver
"AC3ACM" = AC-3 ACM Codec
"AC3Filter_is1" = AC3Filter 1.63b
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Any Audio Converter_is1" = Any Audio Converter 1.0.2
"ASAPI Update" = ASAPI Update
"Audacity_is1" = Audacity 1.2.6
"Audio Converter Plus_is1" = Audio Converter Plus 3.33
"Audio DVD Creator_is1" = Audio DVD Creator 1.9.1.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babylon" = Babylon
"black sakura riding" = black sakura riding Screensaver
"Browser Defender_is1" = Browser Defender 2.0.6.11
"BT Home Hub" = BT Home Hub
"BT Softphone 1.5_is1" = BT Softphone 1.5.3.6
"BT Yahoo! Applications" = BT Yahoo! Applications
"btbb.MCCInstall" = BT Broadband Desktop Help
"CD-DA X-Tractor_is1" = CD-DA X-Tractor v0.24
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CoreFLAC Audio Decoder+Source Filter" = CoreFLAC Audio Decoder+Source Filter (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"doax-bv.scr" = doax-bv ScreenSaver
"DVD Audio Ripper" = DVD Audio Ripper
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy MOV Converter_is1" = Easy MOV Converter 1.0.0
"Entriq MediaSphere_is1" = Entriq MediaSphere 3.4.0.10
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.99pb3
"Eye Candy 4000" = Eye Candy 4000
"FlickrDown" = FlickrDown
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
"Fraps" = Fraps (remove only)
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 2.7
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.0" = Freecorder Toolbar 3.0 Application
"Freecorder4.0" = Freecorder 4.0 Application
"FreeSaver_is1" = FreeSaver v2.30
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{84EA7468-47F2-4CAA-9A26-782E47191453}" = MPEG4 Decoder Plug-in (Remove Only)
"IP_Changer__0.2" = IP Changer 0.2
"Juice" = Juice 2.2
"KPT Collection" = KPT® Collection
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mkwACT" = mkw Audio Compression Toolkit
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"mRouterRuntime" =
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Pen Tablet Driver" = Bamboo
"Playlist Creator 3" = Playlist Creator 3
"QcDrv" = Logitech® Camera Driver
"RealAlt_is1" = Real Alternative 1.7.5
"Registry Mechanic_is1" = Registry Mechanic 7.0
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"silenthill_fog" = silenthill_fog Screen Saver
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Spyware Doctor" = Spyware Doctor 7.0
"ST6UNST #1" = TR Level Manager
"SystemRequirementsLab" = System Requirements Lab
"The Times - Exclusive Tomb Raider Level" = The Times - Exclusive Tomb Raider Level
"Tipard MKV Video Converter_is1" = Tipard MKV Video Converter
"Tomb Raider - The Last Revelation" = Tomb Raider - The Last Revelation
"Tomb Raider - The Lost Artifact" = Tomb Raider - The Lost Artifact
"Tomb Raider Chronicles" = Tomb Raider Chronicles
"Tomb Raider II" = Tomb Raider II
"Tomb Raider II Gold" = Tomb Raider II Gold
"TradersLittleHelper_is1" = Trader's Little Helper 2.4.1
"TVUPlayer" = TVUPlayer 2.4.1.0
"VDMSound" = VDMSound
"Video Screensaver Maker (Trial)_is1" = Video Screensaver Maker (Trial)
"VobSub" = VobSub v2.23 (Remove Only)
"Vodafone 804SS USB driver" = Vodafone 804SS USB driver Software
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Zbrush 3.5R2" = Zbrush 3.5R2
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/03/2010 07:57:39 | Computer Name = MR-9E784D142F75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 02/03/2010 17:09:41 | Computer Name = MR-9E784D142F75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 02/03/2010 21:12:01 | Computer Name = MR-9E784D142F75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 03/03/2010 05:32:30 | Computer Name = MR-9E784D142F75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/03/2010 17:16:25 | Computer Name = MR-9E784D142F75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/03/2010 20:07:21 | Computer Name = MR-9E784D142F75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 03/03/2010 22:12:05 | Computer Name = MR-9E784D142F75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 04/03/2010 05:38:38 | Computer Name = MR-9E784D142F75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 04/03/2010 17:12:18 | Computer Name = MR-9E784D142F75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 04/03/2010 17:29:32 | Computer Name = MR-9E784D142F75 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 04/03/2010 17:12:36 | Computer Name = MR-9E784D142F75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Partizan

Error - 04/03/2010 17:14:25 | Computer Name = MR-9E784D142F75 | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 04/03/2010 17:14:32 | Computer Name = MR-9E784D142F75 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 04/03/2010 17:14:36 | Computer Name = MR-9E784D142F75 | Source = Service Control Manager | ID = 7034
Description = The Diskeeper service terminated unexpectedly. It has done this 1
time(s).

Error - 04/03/2010 17:14:40 | Computer Name = MR-9E784D142F75 | Source = Service Control Manager | ID = 7034
Description = The Browser Defender Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 04/03/2010 17:16:57 | Computer Name = MR-9E784D142F75 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 04/03/2010 17:22:51 | Computer Name = MR-9E784D142F75 | Source = Service Control Manager | ID = 7034
Description = The WTouch Service service terminated unexpectedly. It has done this
1 time(s).

Error - 04/03/2010 17:22:51 | Computer Name = MR-9E784D142F75 | Source = Service Control Manager | ID = 7034
Description = The TabletServicePen service terminated unexpectedly. It has done
this 1 time(s).

Error - 04/03/2010 17:29:39 | Computer Name = MR-9E784D142F75 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 04/03/2010 17:29:59 | Computer Name = MR-9E784D142F75 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Partizan


< End of report >





#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  • Gender:Male
  • Location:God's Country
  • Local time:04:25 AM

Posted 08 March 2010 - 11:41 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 omikronn

omikronn
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:09:25 AM

Posted 08 March 2010 - 12:11 PM

Hi,

I still have the same problem - cannot update Spyware Doctor, Spybot, AdAware or Malwarebytes, and cannot connect to Microsoft updates. Also, I noticed that when trying to connect to Microsoft updates, it says 'connecting to 75.14.205.100' - a bit of Google searching showed this to be an IP in the USA, apparently linked to Google! I now have the worry that I've fallen victim to the DNSChanger trojan... is this a possibility?
Full scans with Malwarebytes, SUPERAntiSpyware and the Microsoft 'OneCare' online scanner all gave clean results.

Logs as requested below:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-08 17:02:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\MRJONE~1\LOCALS~1\Temp\pggcqpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB29C7FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB29C4C80]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7483E52]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB29C8580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB29DC900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB29DCB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB29E0B10]
SSDT F7ABEC7C ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB29C8670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB29C5210]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7484640]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF74848F4]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB29DC280]
SSDT F7ABEC9A ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB29DFF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB29C5070]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7482B44]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB29DE180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB29DDF40]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7484D60]
SSDT F7ABECA4 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB29C7BE0]
SSDT F7ABEC9F ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB29C8190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB29C5440]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF7484112]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB29DD200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB29DD080]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d07027 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d07027@001783171f5b 0xDA 0x59 0x45 0xE2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d07027@0023d6d7208c 0x5A 0xB0 0x23 0x5E ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060d07027@0016dbb5678d 0x34 0xFA 0x4E 0xD8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d07027 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d07027@0016dbb5678d 0x89 0xC1 0x1F 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d07027@001783171f5b 0xDA 0x59 0x45 0xE2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d07027@0023d6d7208c 0x5A 0xB0 0x23 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d07027
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d07027@001783171f5b 0xDA 0x59 0x45 0xE2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d07027@0023d6d7208c 0x5A 0xB0 0x23 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d07027@0016dbb5678d 0x34 0xFA 0x4E 0xD8 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A92AD0F0-46F5-76C7-97A1-A2002EF3B69A}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A92AD0F0-46F5-76C7-97A1-A2002EF3B69A}@iaooigodjkoepapcjd 0x6A 0x61 0x6A 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A92AD0F0-46F5-76C7-97A1-A2002EF3B69A}@haimcflnidfhfmpc 0x6A 0x61 0x6A 0x61 ...

---- EOF - GMER 1.0.15 ----



DDS (Ver_09-12-01.01) - NTFSx86
Run by MR JONES at 16:46:37.89 on 08/03/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.523 [GMT 0:00]

AV: The Shield Deluxe 2009 Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\MR JONES\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.trle.net/
uInternet Settings,ProxyServer = 127.0.0.1:8081
uInternet Settings,ProxyOverride = local;*.local
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: AutorunsDisabled - No File
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {72C9A221-FCFD-4E21-8C9F-E954A4F5C92F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
uPolicies-explorer: NoStrCmpLogical = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoChangeAnimation = 1 (0x1)
mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
LSP: c:\program files\spyware doctor\FilterLSP.dll
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\v5.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219067117437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
TCP: NameServer = 93.188.163.167,93.188.166.39
TCP: {85B48FCD-9B5B-4671-822A-9E62F65798D4} = 93.188.163.167,93.188.166.39
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: WLControl.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: UiDbAdm - {4AD3F75C-FC3B-CAB7-F7D2-0AB9D8FDEBBC} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mrjone~1\applic~1\mozilla\firefox\profiles\z3spznd3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.trle.net/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-28 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-17 207792]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2008-6-26 10240]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-2 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-14 353672]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-2 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-2 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-2 56816]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-2-20 4408616]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-2-20 112936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-28 19160]
R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\drivers\SaiH5F0D.sys [2007-3-6 176640]
R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\drivers\SaiU5F0D.sys [2007-3-6 27264]
S0 dcmqa;dcmqa;c:\windows\system32\drivers\hqfsrs.sys --> c:\windows\system32\drivers\hqfsrs.sys [?]
S1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver;\??\c:\program files\ewido anti-spyware 4.0\guard.sys --> c:\program files\ewido anti-spyware 4.0\guard.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-1-3 112592]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-28 236368]
S2 RpcSsSharedAccess;Remote Procedure Call (RPC) RpcSsSharedAccess;c:\windows\system32\4r.exe srv --> c:\windows\system32\4r.exe srv [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-6-7 21376]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2005-11-14 55936]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2005-11-14 19456]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-3 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-3 1141712]
S3 VSRZXPTSN;VSRZXPTSN;c:\docume~1\mrjone~1\locals~1\temp\VSRZXPTSN.exe [2010-3-7 404352]
S4 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard;c:\program files\ewido anti-spyware 4.0\guard.exe --> c:\program files\ewido anti-spyware 4.0\guard.exe [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1169232]

============== File Associations ===============

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*

=============== Created Last 30 ================

2010-03-07 17:20:42 0 ----a-w- c:\windows\system32\XOSEDOEOG
2010-03-07 16:43:45 2 --shatr- c:\windows\winstart.bat
2010-03-07 16:43:22 0 d-----w- c:\program files\UnHackMe
2010-03-07 16:22:31 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-06 15:44:35 0 d-----w- C:\WTablet
2010-03-03 10:27:15 0 d-----w- c:\program files\Trend Micro
2010-03-02 21:18:37 0 d-----w- c:\documents and settings\mr jones\DoctorWeb
2010-03-02 10:18:14 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-03-02 10:18:03 0 d-----w- c:\program files\SUPERAntiSpyware
2010-03-02 10:18:03 0 d-----w- c:\docume~1\mrjone~1\applic~1\SUPERAntiSpyware.com
2010-03-02 10:17:39 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-28 18:46:00 0 ----a-w- c:\documents and settings\mr jones\regsvr32
2010-02-28 15:55:41 0 d-----w- c:\docume~1\mrjone~1\applic~1\Malwarebytes
2010-02-28 15:55:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 15:55:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-28 15:55:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-28 15:55:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 15:29:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-28 15:29:20 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-02-20 17:00:05 0 d-----w- c:\docume~1\mrjone~1\applic~1\WTablet
2010-02-20 16:59:58 0 d-----w- c:\docume~1\mrjone~1\applic~1\WTouch
2010-02-20 16:59:57 220968 ------w- c:\windows\system32\Touch_Tablet.dll
2010-02-20 16:59:55 0 d-----w- c:\program files\WTouch
2010-02-20 16:59:36 1593072 ------w- c:\windows\system32\PenTablet.znc
2010-02-20 16:59:35 6124840 ------w- c:\windows\system32\PenTablet.cpl
2010-02-20 16:59:28 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
2010-02-20 16:59:19 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2010-02-20 16:59:15 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2010-02-20 16:59:10 0 d-----w- c:\windows\system32\WTablet
2010-02-20 16:59:07 392488 ----a-w- c:\windows\system32\Pen_Tablet.dll
2010-02-20 16:59:07 284672 ------w- c:\windows\system32\Wintab32.dll
2010-02-20 16:59:05 4408616 ------w- c:\windows\system32\Pen_Tablet.exe
2010-02-20 16:59:02 0 d-----w- c:\program files\Tablet
2010-02-20 16:59:01 439 ----a-w- c:\windows\system32\TouchTabletUserDefaults.xml
2010-02-20 16:59:01 439 ----a-w- c:\windows\system32\PenTabletUserDefaults.xml
2010-02-19 15:30:57 0 d-----w- c:\documents and settings\all users\CyberLink
2010-02-18 01:41:50 497664 ----a-w- c:\windows\system32\ac3filter.acm
2010-02-18 01:41:50 0 d-----w- c:\program files\AC3Filter
2010-02-18 01:32:00 0 d-----w- c:\program files\GSpot
2010-02-17 20:21:51 0 d-----w- c:\windows\Corel
2010-02-17 19:53:25 4 ----a-w- c:\windows\system32\ulfconfig0103.ulf
2010-02-17 19:52:18 0 d-----w- c:\program files\Pixologic
2010-02-17 15:34:12 0 d-----w- c:\windows\Zbrush 3.5R2
2010-02-17 14:21:02 0 d-----w- c:\docume~1\alluse~1\applic~1\ALM
2010-02-17 14:19:27 0 d-----w- c:\program files\Bonjour
2010-02-17 14:07:14 0 d-----w- c:\program files\common files\Macrovision Shared
2010-02-16 22:18:49 16384 ----a-w- c:\windows\system32\FileOps.exe
2010-02-15 20:42:43 0 d-----w- c:\program files\Ambient Design
2010-02-15 20:06:55 0 d-----w- c:\docume~1\mrjone~1\applic~1\Ambient Design
2010-02-14 14:34:39 0 d-----w- c:\windows\system32\_ssa_black sakura riding_work
2010-02-10 23:55:15 0 d-----w- c:\windows\Replay Video Capture
2010-02-08 22:08:58 0 d-----w- c:\windows\system32\AGEIA
2010-02-08 22:08:44 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-08 22:08:44 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys

==================== Find3M ====================

2010-03-08 16:33:00 4212 -c-ha-w- c:\windows\system32\zllictbl.dat
2010-03-04 23:40:06 245760 -c--a-w- c:\windows\system32\uninst_saver.exe
2010-03-03 01:11:23 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-09 02:24:58 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-09 02:24:58 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2010-02-04 10:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 10:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 10:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 10:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-01-18 03:00:14 81920 ------r- c:\windows\bwUnin-6.1.4.68-8876480L.exe
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-17 17:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-10-05 10:05:18 2293712 -c--a-w- c:\program files\FLV PlayerFCSetup.exe

============= FINISH: 16:47:31.78 ===============

#4 pwgib

  • Malware Response Team

Posted 08 March 2010 - 04:08 PM

Hello omikronn

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box. Only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7, it may be necessary to right-click any programs we use and then choose Run as Administrator.

Before we begin, please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7.

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!
PW

#5 omikronn

  • Topic Starter

Posted 09 March 2010 - 04:12 PM

Problems resolved!

Can now update all programs and access Microsoft Updates.

Combofix - ran under guidance from another source - appeared to do the job.

Thanks.

#6 extremeboy

  • Malware Response Team

Posted 09 March 2010 - 07:06 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy

Edited by extremeboy, 09 March 2010 - 07:06 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.
