
Solved Clean bill of health appreciated.

Discussion in 'Malware and Virus Removal Archive' started by wildfire, 2010/01/17.

  1. 2010/01/17
    wildfire (Thread Starter)

    [Resolved] Clean bill of health appreciated.

    Following on from this thread...

    Comodo has been uninstalled and KPF 2.1.5 is the current firewall... Excessive downloads have disappeared and I'm fairly sure I've sorted the non-malware related issues.

    I'd appreciate it though if one of you guys could check these logs out and put my mind at rest ;) Not high priority so if you're busy I can wait.

    DDS.txt


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Wildfire at 17:35:08.31 on 17/01/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.129 [GMT 0:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\System32\bmwebcfg.exe
    svchost.exe
    C:\Program Files\FileZilla Server\FileZilla Server.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\system32\drivers\STDSB.exe
    C:\WINDOWS\system32\drivers\Icon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\3 Mobile Broadband\3Connect\AutoUpdateSrv.exe
    C:\Program Files\3 Mobile Broadband\3Connect\WilogApp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Wildfire\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe "
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [STDSB] c:\windows\system32\drivers\STDSB.exe
    mRun: [Icon] c:\windows\system32\drivers\Icon.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe "
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [btbb_wcm_McciTrayApp] c:\program files\btbb_wcm\McciTrayApp.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe "
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: bmnet.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172842795682
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: {402B3659-11DA-4F55-A3C4-AA005B589210} = 217.171.135.1 217.171.132.1
    Notify: igfxcui - igfxsrvc.dll
    LSA: Authentication Packages = msv1_0 relog_ap

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\wildfire\applic~1\mozilla\firefox\profiles\wpxy3m1d.default\
    FF - prefs.js: browser.startup.homepage - www.google.co.uk
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\qt lite\plugins\npqtplugin.dll
    FF - plugin: c:\program files\qt lite\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\qt lite\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\qt lite\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\qt lite\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2005-6-7 11264]
    R1 fwdrv;Kerio Personal Firewall Driver;c:\windows\system32\drivers\FWDRV.SYS [2010-1-14 102912]
    R2 MTC0003_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [2005-6-7 11279]
    R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCNDIS5.sys [2008-7-16 20736]
    S2 STDSB;STDSB;c:\windows\system32\drivers\STDSB.sys [2005-6-7 11279]
    S3 CPWU6D;Philips Wireless Network Adapter Service;c:\windows\system32\drivers\cpwu6d.sys --> c:\windows\system32\drivers\CPWU6D.sys [?]
    S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [2005-6-13 26496]
    S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [2005-6-13 23296]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-1-9 102656]
    S3 wlanndi5;wlanndi5 NDIS Protocol Driver;c:\windows\system32\wlanndi5.sys [2004-4-21 16384]

    =============== Created Last 30 ================

    2010-01-16 17:25:23 0 d-----w- c:\program files\Zattoo
    2010-01-16 10:51:01 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2010-01-16 10:51:01 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
    2010-01-16 10:50:34 132480 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-01-16 10:50:10 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2010-01-16 07:36:25 0 d-----w- c:\program files\Western Digital Corporation
    2010-01-15 20:04:22 21504 ----a-w- c:\windows\system32\hidserv.dll
    2010-01-15 20:04:22 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
    2010-01-15 20:04:11 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2010-01-15 20:04:11 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
    2010-01-14 11:10:10 102912 ------w- c:\windows\system32\drivers\FWDRV.SYS
    2010-01-14 11:10:09 0 d-----w- c:\program files\Kerio
    2010-01-13 08:03:50 0 d-----w- c:\program files\DAEMON Tools Lite
    2010-01-13 06:06:49 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2010-01-12 16:44:36 322 ----a-w- c:\documents and settings\wildfire\Map.dat
    2010-01-12 12:10:58 2 ----a-w- c:\windows\msoffice.ini
    2010-01-12 10:54:38 0 d-sh--w- c:\documents and settings\wildfire\UserData
    2010-01-12 10:54:36 0 d-sh--w- c:\documents and settings\wildfire\PrivacIE
    2010-01-12 10:42:49 0 d-sh--w- c:\documents and settings\wildfire\IECompatCache
    2010-01-12 10:37:22 0 d-----w- c:\documents and settings\wildfire\Contacts
    2010-01-12 10:37:20 0 d-----w- c:\docume~1\wildfire\applic~1\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    2010-01-12 10:37:18 0 d-----w- c:\docume~1\wildfire\applic~1\Bytemobile
    2010-01-12 10:37:18 0 d-----w- c:\docume~1\wildfire\applic~1\Birdstep Technology
    2010-01-12 10:37:17 0 d-----w- c:\docume~1\wildfire\applic~1\Foxit
    2010-01-12 10:37:17 0 d-----w- c:\docume~1\wildfire\applic~1\DAEMON Tools Lite
    2010-01-12 10:37:16 0 d-----w- c:\docume~1\wildfire\applic~1\LimeWire
    2010-01-12 10:36:50 0 d-----w- c:\docume~1\wildfire\applic~1\Malwarebytes
    2010-01-12 10:36:34 0 d-----w- c:\docume~1\wildfire\applic~1\OpenOffice.org
    2010-01-12 10:36:09 0 d-----w- c:\docume~1\wildfire\applic~1\SUPERAntiSpyware.com
    2010-01-12 10:36:08 37496 ----a-w- c:\docume~1\wildfire\applic~1\GDIPFONTCACHEV1.DAT
    2010-01-12 10:35:18 0 d-----w- c:\documents and settings\wildfire\.xmltv
    2010-01-12 10:34:21 0 d-----w- c:\documents and settings\wildfire\.freeguide
    2010-01-12 10:29:07 0 d-sh--w- c:\documents and settings\wildfire\IETldCache
    2010-01-12 10:28:21 0 d-----w- c:\docume~1\wildfire\applic~1\You've Got Pictures Screensaver
    2010-01-12 08:56:19 98816 ----a-w- c:\windows\sed.exe
    2010-01-12 08:56:19 77312 ----a-w- c:\windows\MBR.exe
    2010-01-12 08:56:19 261632 ----a-w- c:\windows\PEV.exe
    2010-01-12 08:56:19 161792 ----a-w- c:\windows\SWREG.exe
    2010-01-11 08:40:10 0 d-----w- C:\32788R22FWJFW.3.tmp
    2010-01-11 08:36:40 0 d-----w- C:\32788R22FWJFW.2.tmp
    2010-01-10 19:00:45 0 d-----w- C:\32788R22FWJFW.1.tmp
    2010-01-10 04:58:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-01-10 02:18:43 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-01-10 02:18:00 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-01-09 02:30:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Birdstep Technology
    2010-01-09 02:28:49 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
    2010-01-09 02:28:48 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2010-01-09 02:28:48 112640 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
    2010-01-09 02:28:48 102656 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
    2010-01-09 02:28:48 102400 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2010-01-09 02:28:29 70667 ----a-w- c:\windows\Huawei ModemsUninstall.exe
    2010-01-09 02:28:29 0 d-----w- c:\program files\Huawei Modems
    2010-01-09 02:28:11 10240 ------w- c:\windows\system32\drivers\mdvrmng.sys
    2010-01-09 02:27:05 0 d-----w- c:\program files\3 Mobile Broadband
    2010-01-07 08:55:42 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-01-07 08:53:34 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
    2010-01-05 03:07:32 0 d-----w- c:\program files\xvi32
    2010-01-03 03:17:41 0 d-----w- c:\program files\Foxit Software
    2010-01-01 01:05:13 66 ----a-w- c:\windows\drD3D.ini
    2010-01-01 00:52:07 0 d-----w- C:\Doomsday
    2009-12-31 23:40:08 0 d-----w- c:\program files\Mythicsoft
    2009-12-31 06:55:56 8192 ----a-w- C:\wubildr.mbr
    2009-12-31 06:55:56 80177 ----a-w- C:\wubildr
    2009-12-31 06:42:48 0 d-----w- C:\ubuntu
    2009-12-30 00:41:32 0 d-----w- c:\program files\BBC iPlayer Desktop
    2009-12-29 07:28:53 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2009-12-29 07:24:15 0 d-----w- c:\program files\COMODO
    2009-12-27 22:35:13 0 d-----w- c:\program files\MPC HomeCinema
    2009-12-19 02:57:39 0 d-----w- C:\MERCURY

    ==================== Find3M ====================

    2009-12-16 23:48:54 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-02 20:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
    2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
    2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys

    ============= FINISH: 17:35:19.97 ===============

    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 13/06/2005 16:47:02
    System Uptime: 17/01/2010 11:56:25 (6 hours ago)

    Motherboard: NEC COMPUTERS INTERNATIONAL | | Rhea B
    Processor: Intel(R) Celeron(R) M processor 1.30GHz | mPGA478 | 1290/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 11.388 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM (CDFS)
    G: is Removable
    H: is FIXED (NTFS) - 149 GiB total, 115.808 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VIA VT6105 Rhine III Fast Ethernet Adapter
    Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_D0041631&REV_8B\4&16793A72&0&10F0
    Manufacturer: VIA Technologies, Inc.
    Name: VIA VT6105 Rhine III Fast Ethernet Adapter
    PNP Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_D0041631&REV_8B\4&16793A72&0&10F0
    Service: FETNDISB

    ==== System Restore Points ===================

    RP411: 12/01/2010 13:30:07 - System Checkpoint
    RP412: 13/01/2010 06:13:02 - Software Distribution Service 3.0
    RP413: 13/01/2010 08:04:06 - SPTD setup V1.62
    RP414: 13/01/2010 11:54:56 - Removed Google Earth.
    RP415: 13/01/2010 11:56:52 - Removed SUPERAntiSpyware Free Edition
    RP416: 14/01/2010 11:10:09 - Installed Kerio Personal Firewall
    RP417: 15/01/2010 11:21:18 - System Checkpoint
    RP418: 16/01/2010 07:36:23 - Installed Data Lifeguard Diagnostic for Windows
    RP419: 16/01/2010 10:48:49 - Installed Acronis True Image WD Edition
    RP420: 17/01/2010 12:31:51 - System Checkpoint

    ==== Installed Programs ======================

    3Connect
    7-Zip 4.65
    Acronis True Image WD Edition
    ActiveState ActiveTcl 8.5.8.0
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Shockwave Player
    Agent Ransack Version 1.7.3
    Almeza MultiSet Professional 6.7
    BBC iPlayer Desktop
    Data Lifeguard Diagnostic for Windows
    Doomsday Engine 1.9.0-beta6.3
    DP Editor Ver.1.0
    FileZilla Client 3.2.2.1
    FileZilla Server (remove only)
    FinePixViewer Ver.1.1
    Foxit Reader
    FreeGuide 0.10.12
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    HP Unload DLL Patch
    Huawei modem
    InstantShare
    Java(TM) 6 Update 17
    Kerio Personal Firewall 2.1.5
    Lazarus 0.9.28
    Media Player Classic - Home Cinema v. 1.3.1249.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2002
    Mozilla Firefox (3.5.7)
    Notepad++
    OpenOffice.org 3.1
    Packard Bell Companion
    PTDD Super Fdisk 1.0
    QT Lite 2.8.0
    Real Alternative 1.9.0
    Samsung CLP-500 Series
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    SIW version 2009-02-24
    Sonic RecordNow!
    Tweak UI
    Ubuntu
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows XP Service Pack 3
    Zattoo 3.3.4 Beta

    ==== Event Viewer Messages From Past Week ========

    13/01/2010 11:56:55, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
    13/01/2010 11:56:02, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    12/01/2010 10:08:28, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
    10/01/2010 16:40:54, error: Service Control Manager [7000] - The STDSB service failed to start due to the following error: The system cannot find the file specified.
    10/01/2010 16:40:54, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    10/01/2010 06:14:04, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    10/01/2010 06:13:58, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    10/01/2010 04:47:25, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/01/2010 04:46:55, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/01/2010 04:45:36, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL sptd Tcpip WS2IFSL
    10/01/2010 04:45:36, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    10/01/2010 04:45:36, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/01/2010 04:45:36, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/01/2010 04:45:36, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/01/2010 04:45:36, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    10/01/2010 04:44:58, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    10/01/2010 04:44:39, error: sptd [4] - Driver detected an internal error in its data structures for .
    10/01/2010 01:51:13, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

    ==== End Of File ===========================
     
  2. 2010/01/17
    broni (Moderator, Malware Analyst)

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/01/18
    wildfire (Thread Starter)

    Broni, I'm sure you have me jump through these hoops just to keep me off the boards :D

    Seriously, I've had trouble downloading SAS but restored a backup of it that I downloaded last week. The definitions update went without an error, and hopefully the logs will show this as the latest version.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/18/2010 at 11:20 AM

    Application Version : 4.33.1000

    Core Rules Database Version : 4487
    Trace Rules Database Version: 2303

    Scan type : Complete Scan
    Total Scan Time : 01:57:35

    Memory items scanned : 249
    Memory threats detected : 0
    Registry items scanned : 5161
    Registry threats detected : 0
    File items scanned : 81175
    File threats detected : 0


    MBAM Logs to Follow
     
  5. 2010/01/18
    wildfire (Thread Starter)

    No problems downloading, updating or running MBAM :)

    Malwarebytes' Anti-Malware 1.44
    Database version: 3588
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    18/01/2010 12:22:56
    mbam-log-2010-01-18 (12-22-56).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 176169
    Time elapsed: 39 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Small point: I disabled the Security Center alert as KPF 2.1.5 isn't recognised. I've followed your instructions, but will probably disable this alert again once finished.

    GMER Log to follow...
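    For anyone checking whether a Disabled.SecurityCenter hit like the one in the MBAM log above is a deliberate user setting (as here, for an unrecognised firewall) or silent tampering, this added PowerShell example (not code from the thread or from MBAM) lists the Security Center notification switches and optionally resets them to the state MBAM treats as good. It assumes the XP-era Security Center key shown in the log; AntiVirusDisableNotify and UpdatesDisableNotify are the matching switches for the other two alerts.

```powershell
# Added example, not part of the original thread.
# Audits the Windows Security Center "DisableNotify" values that MBAM
# reports as Disabled.SecurityCenter (Bad: (1) Good: (0)).
# Run from an elevated PowerShell prompt on XP/Vista-era Windows.
$SecurityCenterKey = 'HKLM:\SOFTWARE\Microsoft\Security Center'

# FirewallDisableNotify is the value flagged in the log above; the other
# two are the anti-virus and Windows Update alert switches under the same key.
$NotifyValues = 'FirewallDisableNotify', 'AntiVirusDisableNotify', 'UpdatesDisableNotify'

function Get-SecurityCenterNotifyState {
    param(
        # When set, any suppressed alert is switched back on (value 0),
        # which is what MBAM did to FirewallDisableNotify in the log.
        [switch]$Restore
    )
    $props = Get-ItemProperty -Path $SecurityCenterKey -ErrorAction SilentlyContinue

    foreach ($name in $NotifyValues) {
        $current = $null
        if ($props -and $props.PSObject.Properties[$name]) {
            $current = [int]$props.$name
        }

        if ($null -eq $current) {
            $state = 'not set (alerts on)'
        } elseif ($current -eq 0) {
            $state = 'alerts on'
        } else {
            # Non-zero means the Security Center warning is suppressed.
            # Decide from context whether that was the user (as in this
            # thread) or something else before treating it as a finding.
            $state = 'alerts SUPPRESSED'
            if ($Restore) {
                Set-ItemProperty -Path $SecurityCenterKey -Name $name -Value 0 -Type DWord
                $state += ' -> reset to 0'
            }
        }

        [pscustomobject]@{ Value = $name; Data = $current; State = $state }
    }
}

# Report only; add -Restore to switch suppressed alerts back on.
Get-SecurityCenterNotifyState | Format-Table -AutoSize
```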
     
  6. 2010/01/18
    wildfire

    wildfire Getting Old Thread Starter

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    GMER Log

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-01-18 14:35:06
    Windows 5.1.2600 Service Pack 3
    Running: bdtjhjms.exe; Driver: C:\DOCUME~1\Wildfire\LOCALS~1\Temp\pgtdapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwClose [0xED191D1E]
    SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateFile [0xED19162B]
    SSDT spzh.sys ZwCreateKey [0xF73740E0]
    SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateProcess [0xED191C92]
    SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateProcessEx [0xED191C17]
    SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateSection [0xED191713]
    SSDT spzh.sys ZwEnumerateKey [0xF738CDA4]
    SSDT spzh.sys ZwEnumerateValueKey [0xF738D132]
    SSDT spzh.sys ZwOpenKey [0xF73740C0]
    SSDT spzh.sys ZwQueryKey [0xF738D20A]
    SSDT spzh.sys ZwQueryValueKey [0xF738D08A]
    SSDT spzh.sys ZwSetValueKey [0xF738D29C]

    INT 0x33 ? 854DBBF8
    INT 0x3B ? 854DBBF8
    INT 0x3E ? 8580ABF8
    INT 0x3F ? 8580ABF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 169 804E27C5 3 Bytes [CD, 38, F7]
    ? spzh.sys The system cannot find the file specified. !
    PAGENDSM NDIS.sys!NdisMIndicateStatus F71999EF 6 Bytes JMP ED18F6D8 \SystemRoot\system32\Drivers\fwdrv.sys
    .text USBPORT.SYS!DllUnload F66D18AC 5 Bytes JMP 854DB1D8
    .text aq7rj1pe.SYS F60E9386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text aq7rj1pe.SYS F60E93AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text aq7rj1pe.SYS F60E93C4 3 Bytes [00, 80, 02]
    .text aq7rj1pe.SYS F60E93C9 1 Byte [30]
    .text aq7rj1pe.SYS F60E93C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8579B2D8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F739FDDC] spzh.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F739FE30] spzh.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7375042] spzh.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F737513E] spzh.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73750C0] spzh.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7375800] spzh.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73756D6] spzh.sys
    IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 854DB2D8
    IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7384B90] spzh.sys
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!swprintf] 001CBA86
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!sprintf] 968D5140
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeSetTimer] F6317300
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!_allmul] 74070647
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!_aulldiv] 03087408
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!strstr] 72F93B3F
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!memmove] 18C48300
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!KfRaiseIrql] 00001CB1
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\aq7rj1pe.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [ED18F520] \SystemRoot\system32\Drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [ED18F53B] \SystemRoot\system32\Drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [ED18F5CB] \SystemRoot\system32\Drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [ED18F5EE] \SystemRoot\system32\Drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [ED18F5CB] \SystemRoot\system32\Drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [ED18F53B] \SystemRoot\system32\Drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [ED18F520] \SystemRoot\system32\Drivers\fwdrv.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 857881F8

    AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip mdvrmng.sys
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-0 856101F8
    Device \Driver\usbuhci \Device\USBPDO-1 856101F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{C670EB0B-4870-4C01-BABD-21F196980F0E} 84BC21F8
    Device \Driver\usbehci \Device\USBPDO-2 854CF1F8
    Device \Driver\sptd \Device\1205826240 spzh.sys

    AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp mdvrmng.sys

    Device \Driver\Ftdisk \Device\HarddiskVolume1 8580B1F8

    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

    Device \Driver\Cdrom \Device\CdRom0 854B71F8
    Device \Driver\Cdrom \Device\CdRom1 854B71F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72D0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 [F72D0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort1 [F72D0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F72D0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Cdrom \Device\CdRom2 854B71F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 84BC21F8
    Device \Driver\NetBT \Device\NetbiosSmb 84BC21F8
    Device \Driver\USBSTOR \Device\000000b9 848D71F8

    AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp mdvrmng.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp mdvrmng.sys

    Device \Driver\usbuhci \Device\USBFDO-0 856101F8
    Device \Driver\usbuhci \Device\USBFDO-1 856101F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84B4B1F8
    Device \Driver\usbehci \Device\USBFDO-2 854CF1F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 84B4B1F8
    Device \Driver\USBSTOR \Device\000000ba 848D71F8
    Device \Driver\USBSTOR \Device\000000bb 848D71F8
    Device \Driver\PCI_PNP5088 \Device\0000007d spzh.sys
    Device \Driver\Ftdisk \Device\FtControl 8580B1F8
    Device \Driver\USBSTOR \Device\000000bc 848D71F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{402B3659-11DA-4F55-A3C4-AA005B589210} 84BC21F8
    Device \Driver\aq7rj1pe \Device\Scsi\aq7rj1pe1Port2Path0Target0Lun0 854651F8
    Device \Driver\aq7rj1pe \Device\Scsi\aq7rj1pe1 854651F8
    Device \FileSystem\Cdfs \Cdfs 85589500

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\111111111111
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9F 0xB2 0xAD 0xCB ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x37 0xB2 0x78 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x13 0x59 0x29 0x81 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0B 0xE2 0x11 0xDC ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x37 0xB2 0x78 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x13 0x59 0x29 0x81 ...
    Reg HKLM\SOFTWARE\Classes\CLSID\{00142B4A-0944-DA36-84AB-800768B60C5D}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}
    Reg HKLM\SOFTWARE\Classes\CLSID\{00142B4A-0944-DA36-84AB-800768B60C5D}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
    Reg HKLM\SOFTWARE\Classes\CLSID\{00142B4A-0944-DA36-84AB-800768B60C5D}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
    Reg HKLM\SOFTWARE\Classes\CLSID\{00142B4A-0944-DA36-84AB-800768B60C5D}\InprocServer32@ C:\WINDOWS\System32\msvidctl.dll
    Reg HKLM\SOFTWARE\Classes\CLSID\{00142B4A-0944-DA36-84AB-800768B60C5D}\InprocServer32@ThreadingModel Both
    Reg HKLM\SOFTWARE\Classes\CLSID\{00142B4A-0944-DA36-84AB-800768B60C5D}\ProgID@ BDATuner.ATSCChannelTuneRequest.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{00142B4A-0944-DA36-84AB-800768B60C5D}\TypeLib@ {9B085638-018E-11D3-9D8E-00C04F72D980}
    Reg HKLM\SOFTWARE\Classes\CLSID\{00142B4A-0944-DA36-84AB-800768B60C5D}\VersionIndependentProgID@ BDATuner.ATSCChannelTuneRequest

    ---- EOF - GMER 1.0.15 ----

    Hijack This log to follow...
     
  7. 2010/01/18
    wildfire

    wildfire Getting Old Thread Starter

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:41:48, on 18/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\System32\bmwebcfg.exe
    C:\Program Files\FileZilla Server\FileZilla Server.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\system32\drivers\STDSB.exe
    C:\WINDOWS\system32\drivers\Icon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe "
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
    O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe "
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O10 - Unknown file in Winsock LSP: bmnet.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172842795682
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\System32\bmwebcfg.exe
    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    --
    End of file - 5609 bytes
     
  8. 2010/01/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Hahaha.....

    I don't see any AV program running. Why is that?
     
  9. 2010/01/18
    wildfire

    wildfire Getting Old Thread Starter

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Haven't installed one yet, Broni, and I didn't want to do it now in case it messed with your findings. I have been browsing safely though, and firewalled.
     
  10. 2010/01/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. Get one up, when we're done with Combofix...

    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/01/18
    wildfire

    Tried both Broni,

    :(
     
  12. 2010/01/18
    broni

    At what point are you getting the above error?
     
  13. 2010/01/18
    wildfire

    Seconds after clicking on combofix, the green bar gets about half way along

    Process is still showing in taskmanager using 6.436k but no CPU cycles
     
  14. 2010/01/18
    broni

    Yeah, there is something wrong with that download. Wrong file size.
    Delete your download.
    Get a fresh one from HERE
    I renamed the file for a reason. Update Combofix, if it asks you to.
     
  15. 2010/01/18
    wildfire

    Not having much luck here,

    When started, the error below appears; selecting Yes or No just results in the program silently closing and deleting itself.
     

    Attached Files:

  16. 2010/01/18
    broni

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
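The `/md5start ... /md5stop` block in the custom scan above tells OTL to hash the named files so the analyst can compare each MD5 with the value a clean copy of that Windows build ships with; a boot driver such as atapi.sys that keeps its size and timestamp but no longer matches the known hash is the usual sign of an in-place patched file. The script below is an added example, not OTL's code and not part of this thread: it performs the same comparison offline against a baseline dictionary the analyst supplies, reports files that are simply absent (most of the vendor storage drivers in the list will not exist on any one machine) instead of treating them as errors, and flags files for which no baseline hash is available. All file contents, hashes and the baseline in `demo()` are constructed for the example and are not real Windows binaries.

```python
import hashlib
import os
import tempfile

# The file list from the OTL custom scan above. On any given machine most of
# the vendor storage drivers (nvstor.sys, viasraid.sys, ...) are absent; that
# must be reported as such, not treated as an error.
WATCHED = [
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys",
    "IdeChnDr.sys", "viasraid.sys", "AGP440.sys", "vaxscsi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys", "ViPrt.sys",
    "eNetHook.dll", "ahcix86.sys", "KR10N.sys", "nvstor32.sys",
]


def md5_file(path, chunk=65536):
    """MD5 of a file, read in chunks so a large driver is not slurped into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_files(root, baseline, names=WATCHED):
    """Compare each watched file under `root` with `baseline` (name -> md5 hex).

    Returns {name: status} with status one of:
      "ok"          hash matches the baseline
      "MISMATCH"    file present but hash differs (candidate patched file)
      "not present" file does not exist under root
      "no baseline" file exists but you have no known-clean hash to compare with
    """
    results = {}
    for name in names:
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            results[name] = "not present"
            continue
        expected = baseline.get(name)
        if expected is None:
            results[name] = "no baseline"
            continue
        actual = md5_file(path)
        results[name] = "ok" if actual.lower() == expected.lower() else "MISMATCH"
    return results


def demo():
    """Run the check over a constructed directory (hypothetical contents):
    one clean file, one file patched in place with the same size, one file
    with no baseline entry, and everything else missing."""
    clean_atapi = b"MZ" + b"\x00" * 30 + b"constructed atapi.sys image"
    # Same length as the clean image, one byte changed: size and timestamp
    # checks alone would not notice this.
    patched_atapi = clean_atapi[:-1] + b"f"
    clean_eventlog = b"MZ constructed eventlog.dll"
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "atapi.sys"), "wb") as f:
            f.write(patched_atapi)
        with open(os.path.join(root, "eventlog.dll"), "wb") as f:
            f.write(clean_eventlog)
        with open(os.path.join(root, "AGP440.sys"), "wb") as f:
            f.write(b"MZ constructed agp440.sys")
        # Baseline = hashes of the clean copies (constructed for the example).
        baseline = {
            "atapi.sys": hashlib.md5(clean_atapi).hexdigest(),
            "eventlog.dll": hashlib.md5(clean_eventlog).hexdigest(),
        }
        return check_files(root, baseline)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:12} {name}")
```

On a real machine you would point `check_files` at `C:\WINDOWS\system32\drivers` (or `system32`) and fill `baseline` from hashes taken from a known-clean install of the same service pack and hotfix level, because a legitimate update changes the hash too. MD5 is adequate for matching a reference list from a trusted source, which is what OTL uses it for; it is not adequate against an adversary who can craft collisions, so a "MISMATCH" is a lead for the analyst, and an "ok" is not proof of integrity on its own.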
     
  17. 2010/01/18
    wildfire

    OTL logfile created on: 18/01/2010 20:54:43 - Run 1
    OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Wildfire\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    479.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 46.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 11.24 Gb Free Space | 30.18% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 22.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PB
    Current User Name: Wildfire
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/01/18 20:53:27 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wildfire\Desktop\OTL.exe
    PRC - [2009/12/16 23:48:56 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009/12/16 23:48:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2009/06/10 04:02:50 | 00,904,840 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    PRC - [2009/06/10 03:57:40 | 00,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2009/06/10 03:57:36 | 00,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2009/06/10 03:55:30 | 01,326,080 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2009/03/03 10:19:28 | 00,691,200 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla server.exe
    PRC - [2009/02/23 19:45:16 | 00,670,256 | ---- | M] (Birdstep Technology) -- C:\Program Files\3 Mobile Broadband\3Connect\AutoUpdateSrv.exe
    PRC - [2008/04/14 05:42:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
    PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/11/30 10:51:07 | 00,935,936 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\btbb_wcm\McciTrayApp.exe
    PRC - [2004/09/22 14:43:32 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
    PRC - [2003/12/17 15:50:44 | 00,028,672 | ---- | M] () -- C:\WINDOWS\system32\drivers\STDSB.exe
    PRC - [2003/10/02 13:37:36 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
    PRC - [2003/03/27 16:43:00 | 00,634,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    PRC - [2003/03/27 16:43:00 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2003/03/27 15:34:58 | 00,053,248 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2003/01/17 01:02:38 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/01/18 20:53:27 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wildfire\Desktop\OTL.exe
    MOD - [2003/03/27 16:43:00 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
    MOD - [2000/06/10 22:57:08 | 00,003,584 | ---- | M] () -- C:\WINDOWS\system32\drivers\mxkeybd.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (AOL ACS)
    SRV - [2009/12/16 23:48:56 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009/06/10 03:57:36 | 00,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2009/03/03 10:19:28 | 00,691,200 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
    SRV - [2004/09/22 14:43:32 | 00,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Running] -- C:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
    SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
    SRV - [2003/08/11 10:44:16 | 00,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2003/04/30 16:43:32 | 00,389,120 | ---- | M] (Kerio Technologies) [Auto | Stopped] -- C:\Program Files\Kerio\Personal Firewall\persfw.exe -- (PersFw)
    SRV - [2003/01/17 01:02:38 | 00,045,056 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\slserv.exe -- (SLService)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
    FF - prefs.js..extensions.enabledItems: {405e2f6c-b9b8-4515-a69c-e375d7156c86}:0.1.4
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 06:03:21 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 06:03:22 | 00,000,000 | ---D | M]

    [2010/01/12 10:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\Mozilla\Extensions
    [2010/01/18 15:22:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\Mozilla\Firefox\Profiles\wpxy3m1d.default\extensions
    [2010/01/12 10:36:44 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wildfire\Application Data\Mozilla\Firefox\Profiles\wpxy3m1d.default\extensions\{405e2f6c-b9b8-4515-a69c-e375d7156c86}
    [2010/01/18 15:22:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/01/03 03:13:58 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    [2009/07/10 22:35:41 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2009/07/10 22:35:41 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2009/07/10 22:35:41 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2009/07/10 22:35:41 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2009/05/21 16:18:13 | 00,611,053 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 ad.a8.net
    O1 - Hosts: 127.0.0.1 asy.a8ww.net
    O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
    O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
    O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
    O1 - Hosts: 127.0.0.1 a.abnad.net
    O1 - Hosts: 127.0.0.1 b.abnad.net
    O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
    O1 - Hosts: 127.0.0.1 d.abnad.net
    O1 - Hosts: 127.0.0.1 e.abnad.net
    O1 - Hosts: 127.0.0.1 t.abnad.net
    O1 - Hosts: 127.0.0.1 z.abnad.net
    O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
    O1 - Hosts: 127.0.0.1 tracking.absolstats.com
    O1 - Hosts: 127.0.0.1 adv.abv.bg
    O1 - Hosts: 127.0.0.1 bimg.abv.bg
    O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
    O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
    O1 - Hosts: 127.0.0.1 accuserveadsystem.com
    O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
    O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
    O1 - Hosts: 127.0.0.1 gtb19.acecounter.com
    O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
    O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
    O1 - Hosts: 16309 more lines...
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)
    O4 - HKLM..\Run: [FileZilla Server Interface] C:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
    O4 - HKLM..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe ()
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172842795682 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/05/26 19:48:28 | 00,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/04/22 16:01:06 | 00,132,576 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2008/12/08 09:24:46 | 00,027,750 | R--- | M] () - F:\Autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [2007/10/29 12:25:38 | 00,000,047 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{4499cd92-fcc6-11de-b91d-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{4499cd92-fcc6-11de-b91d-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4499cd92-fcc6-11de-b91d-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/04/22 16:01:06 | 00,132,576 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a4a788b8-0257-11df-b93a-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{a4a788b8-0257-11df-b93a-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a4a788b8-0257-11df-b93a-00038a000015}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/04/22 16:01:06 | 00,132,576 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2009/04/22 16:01:06 | 00,132,576 | R--- | M] (Huawei Technologies Co., Ltd.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2002/09/19 19:34:20 | 00,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17173366603513856)

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/01/18 20:53:24 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wildfire\Desktop\OTL.exe
    [2010/01/18 20:40:52 | 00,000,000 | --SD | C] -- C:\8cdr5etf45f
    [2010/01/18 11:41:06 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/18 11:41:03 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/18 11:41:03 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/01/18 09:06:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/01/16 17:25:23 | 00,000,000 | ---D | C] -- C:\Program Files\Zattoo
    [2010/01/16 10:51:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/01/16 10:49:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
    [2010/01/16 10:48:56 | 00,000,000 | ---D | C] -- C:\Program Files\Acronis
    [2010/01/16 07:36:25 | 00,000,000 | ---D | C] -- C:\Program Files\Western Digital Corporation
    [2010/01/14 11:10:09 | 00,000,000 | ---D | C] -- C:\Program Files\Kerio
    [2010/01/12 12:31:17 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Wildfire\Recent
    [2010/01/12 11:29:12 | 00,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/01/12 10:54:38 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Wildfire\UserData
    [2010/01/12 10:54:36 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Wildfire\PrivacIE
    [2010/01/12 10:54:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Adobe
    [2010/01/12 10:54:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Conduit
    [2010/01/12 10:54:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\ApplicationHistory
    [2010/01/12 10:54:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Apple Computer
    [2010/01/12 10:54:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Google
    [2010/01/12 10:54:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\lazarus
    [2010/01/12 10:54:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\IsolatedStorage
    [2010/01/12 10:54:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Identities
    [2010/01/12 10:54:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\HP
    [2010/01/12 10:54:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Help
    [2010/01/12 10:50:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\xmltv
    [2010/01/12 10:50:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\WMTools Downloaded Files
    [2010/01/12 10:50:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Temp
    [2010/01/12 10:50:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Real
    [2010/01/12 10:50:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Mozilla
    [2010/01/12 10:50:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\ZattooPlayer
    [2010/01/12 10:50:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Zattoo
    [2010/01/12 10:46:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\My Documents\Downloads
    [2010/01/12 10:46:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\My Documents\My eBooks
    [2010/01/12 10:46:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\My Documents\My Albums
    [2010/01/12 10:46:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\My Documents\LimeWire
    [2010/01/12 10:46:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\My Documents\Interactive Fiction
    [2010/01/12 10:46:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\My Documents\My Received Files
    [2010/01/12 10:46:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\My Documents\My Radio
    [2010/01/12 10:46:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\My Documents\My Programs
    [2010/01/12 10:44:07 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Wildfire\My Documents\My Videos
    [2010/01/12 10:44:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\My Documents\TSF
    [2010/01/12 10:44:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\My Documents\New Folder
    [2010/01/12 10:42:49 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Wildfire\IECompatCache
    [2010/01/12 10:42:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Desktop\chipschallenge
    [2010/01/12 10:42:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Desktop\hosts
    [2010/01/12 10:42:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Desktop\email
    [2010/01/12 10:42:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Desktop\Router Bridge_files
    [2010/01/12 10:42:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Desktop\Clp-500
    [2010/01/12 10:42:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Desktop\Website
    [2010/01/12 10:41:00 | 26,794,0236 | ---- | C] (UBCD4Win Team - Benjamin Burrows ) -- C:\Documents and Settings\Wildfire\Desktop\UBCD4WinV350(2).exe
    [2010/01/12 10:40:36 | 31,693,599 | ---- | C] (eRightSoft ) -- C:\Documents and Settings\Wildfire\Desktop\SUPERsetup.exe
    [2010/01/12 10:40:33 | 04,571,494 | ---- | C] (Topala Software Solutions ) -- C:\Documents and Settings\Wildfire\Desktop\siw-setup.exe
    [2010/01/12 10:40:32 | 06,560,523 | ---- | C] ( ) -- C:\Documents and Settings\Wildfire\Desktop\realalt190.exe
    [2010/01/12 10:40:10 | 09,878,470 | ---- | C] ( ) -- C:\Documents and Settings\Wildfire\Desktop\qtlite280.exe
    [2010/01/12 10:40:04 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wildfire\Desktop\mbam-setup.exe
    [2010/01/12 10:40:03 | 01,309,744 | ---- | C] (Packard Bell B.V. ) -- C:\Documents and Settings\Wildfire\Desktop\Intel_ProWireless2200bg_90417.exe
    [2010/01/12 10:39:51 | 07,739,563 | ---- | C] (deng Team ) -- C:\Documents and Settings\Wildfire\Desktop\deng-1.9.0-beta6.3-setup.exe
    [2010/01/12 10:39:39 | 63,752,952 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Wildfire\Desktop\avg_free_stf_en_85_287a1483.exe
    [2010/01/12 10:37:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Contacts
    [2010/01/12 10:37:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/01/12 10:37:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\AdobeUM
    [2010/01/12 10:37:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Adobe
    [2010/01/12 10:37:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\CyberLink
    [2010/01/12 10:37:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Bytemobile
    [2010/01/12 10:37:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Birdstep Technology
    [2010/01/12 10:37:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Help
    [2010/01/12 10:37:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Google
    [2010/01/12 10:37:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Foxit
    [2010/01/12 10:37:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\FileZilla
    [2010/01/12 10:37:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\DAEMON Tools Lite
    [2010/01/12 10:37:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\LimeWire
    [2010/01/12 10:36:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Media Player Classic
    [2010/01/12 10:36:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Malwarebytes
    [2010/01/12 10:36:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\MSN6
    [2010/01/12 10:36:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Mozilla
    [2010/01/12 10:36:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Notepad++
    [2010/01/12 10:36:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Real
    [2010/01/12 10:36:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\OpenOffice.org
    [2010/01/12 10:36:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Sun
    [2010/01/12 10:36:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\SUPERAntiSpyware.com
    [2010/01/12 10:36:08 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Wildfire\Application Data\yahoo!
    [2010/01/12 10:36:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Viewpoint
    [2010/01/12 10:35:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\.xmltv
    [2010/01/12 10:34:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\.freeguide
    [2010/01/12 10:29:07 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Wildfire\IETldCache
    [2010/01/12 10:28:32 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Wildfire\Cookies
    [2010/01/12 10:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Macromedia
    [2010/01/12 10:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\Identities
    [2010/01/12 10:28:21 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Wildfire\Application Data\Microsoft
    [2010/01/12 10:28:21 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Wildfire\SendTo
    [2010/01/12 10:28:21 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Wildfire\Application Data
    [2010/01/12 10:28:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Wildfire\Start Menu
    [2010/01/12 10:28:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Wildfire\My Documents\My Pictures
    [2010/01/12 10:28:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Wildfire\My Documents\My Music
    [2010/01/12 10:28:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Wildfire\My Documents
    [2010/01/12 10:28:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Wildfire\Favorites
    [2010/01/12 10:28:21 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Wildfire\Desktop
    [2010/01/12 10:28:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Wildfire\Templates
    [2010/01/12 10:28:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Wildfire\PrintHood
    [2010/01/12 10:28:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Wildfire\NetHood
    [2010/01/12 10:28:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Wildfire\Local Settings
    [2010/01/12 10:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Application Data\You've Got Pictures Screensaver
    [2010/01/12 10:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Powercinema
    [2010/01/12 10:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\Microsoft
    [2010/01/12 09:07:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/01/12 08:52:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/01/12 08:52:05 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2010/01/11 08:40:10 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.3.tmp
    [2010/01/11 08:36:40 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.2.tmp
    [2010/01/10 19:00:45 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
    [2010/01/10 04:58:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/01/10 02:18:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/01/10 02:18:00 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/01/09 02:30:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
    [2010/01/09 02:28:49 | 00,621,056 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
    [2010/01/09 02:28:48 | 00,112,640 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
    [2010/01/09 02:28:48 | 00,102,656 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
    [2010/01/09 02:28:48 | 00,102,400 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
    [2010/01/09 02:28:48 | 00,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
    [2010/01/09 02:28:29 | 00,000,000 | ---D | C] -- C:\Program Files\Huawei Modems
    [2010/01/09 02:27:05 | 00,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
    [2010/01/07 08:55:42 | 00,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/01/07 08:53:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/01/05 03:07:32 | 00,000,000 | ---D | C] -- C:\Program Files\xvi32
    [2009/12/07 20:39:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2009/12/04 16:34:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth
    [2009/12/02 16:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2009/12/02 16:17:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2009/12/02 16:17:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2009/12/02 16:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/07/21 14:18:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2009/07/21 14:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2009/02/15 11:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
    [2005/06/07 10:05:25 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
    [2005/06/07 10:05:18 | 01,290,760 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
    [2005/06/07 10:05:18 | 00,506,912 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
    [2005/06/07 10:05:18 | 00,210,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
    [2005/06/07 10:05:18 | 00,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
    [2005/06/07 10:05:18 | 00,085,552 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\*.tmp files -> C:\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/01/18 20:53:27 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wildfire\Desktop\OTL.exe
    [2010/01/18 20:44:19 | 00,026,358 | ---- | M] () -- C:\Documents and Settings\Wildfire\Desktop\error.bmp
    [2010/01/18 20:36:39 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/01/18 20:36:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/01/18 20:36:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/01/18 20:36:28 | 50,284,5440 | -HS- | M] () -- C:\hiberfil.sys
    [2010/01/18 20:35:30 | 01,835,008 | -H-- | M] () -- C:\Documents and Settings\Wildfire\NTUSER.DAT
    [2010/01/18 20:35:30 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Wildfire\ntuser.ini
    [2010/01/18 17:17:56 | 04,840,616 | -H-- | M] () -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\IconCache.db
    [2010/01/18 12:32:55 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Wildfire\Desktop\bdtjhjms.exe
    [2010/01/18 11:41:08 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/18 11:39:27 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Wildfire\Desktop\mbam-setup.exe
    [2010/01/18 09:07:14 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/01/18 00:24:58 | 00,002,855 | ---- | M] () -- C:\WINDOWS\default.pif
    [2010/01/18 00:24:58 | 00,002,855 | ---- | M] () -- C:\WINDOWS\_default.pif
    [2010/01/17 14:01:01 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Wildfire\Desktop\HijackThis.lnk
    [2010/01/16 17:25:28 | 00,001,509 | ---- | M] () -- C:\Documents and Settings\Wildfire\Desktop\Zattoo.lnk
    [2010/01/16 10:50:06 | 00,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis*True*Image*WD*Edition.lnk
    [2010/01/16 05:41:44 | 00,006,144 | ---- | M] () -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/14 10:58:56 | 01,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2010/01/13 08:04:08 | 00,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/01/13 06:16:33 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/01/12 16:44:36 | 00,000,322 | ---- | M] () -- C:\Documents and Settings\Wildfire\Map.dat
    [2010/01/12 12:11:13 | 00,000,612 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/01/12 12:10:58 | 00,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
    [2010/01/12 10:03:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/01/10 19:11:03 | 00,116,210 | ---- | M] () -- C:\Documents and Settings\Wildfire\My Documents\bronipic2.bmp
    [2010/01/10 19:02:17 | 00,240,462 | ---- | M] () -- C:\Documents and Settings\Wildfire\My Documents\bronipic1.bmp
    [2010/01/10 02:16:48 | 07,520,288 | ---- | M] () -- C:\Documents and Settings\Wildfire\Desktop\SUPERAntiSpyware.exe
    [2010/01/09 02:28:29 | 00,070,667 | ---- | M] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
    [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/01/07 09:13:14 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\Wildfire\My Documents\DOOM][.mds
    [2010/01/07 09:13:12 | 31,006,927 | ---- | M] () -- C:\Documents and Settings\Wildfire\My Documents\DOOM][.mdf
    [2010/01/05 10:41:00 | 00,089,787 | ---- | M] () -- C:\Documents and Settings\Wildfire\Desktop\13zo9yd.png
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [3 C:\*.tmp files -> C:\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/01/18 20:44:16 | 00,026,358 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\error.bmp
    [2010/01/18 12:32:54 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\bdtjhjms.exe
    [2010/01/18 11:41:08 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/01/18 11:23:43 | 50,284,5440 | -HS- | C] () -- C:\hiberfil.sys
    [2010/01/18 09:07:14 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/01/18 00:26:20 | 00,002,855 | ---- | C] () -- C:\WINDOWS\default.pif
    [2010/01/17 14:01:01 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\HijackThis.lnk
    [2010/01/16 17:25:28 | 00,001,509 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\Zattoo.lnk
    [2010/01/16 10:50:06 | 00,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis*True*Image*WD*Edition.lnk
    [2010/01/14 11:10:10 | 00,102,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\FWDRV.SYS
    [2010/01/12 16:44:36 | 00,000,322 | ---- | C] () -- C:\Documents and Settings\Wildfire\Map.dat
    [2010/01/12 12:10:58 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2010/01/12 10:50:39 | 00,006,144 | ---- | C] () -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/12 10:50:39 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Wildfire\Local Settings\Application Data\fusioncache.dat
    [2010/01/12 10:44:06 | 04,244,817 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\SatA130A135_GMAD00094011_Apr23_2007.pdf
    [2010/01/12 10:44:06 | 00,587,289 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\No18-19-21_timetable.pdf
    [2010/01/12 10:44:06 | 00,011,556 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\table.odt
    [2010/01/12 10:44:05 | 00,203,395 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\MXRCX4.pdf
    [2010/01/12 10:44:05 | 00,000,930 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\My Sharing Folders.lnk
    [2010/01/12 10:42:55 | 36,766,1056 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\Lewis Black - Red White and *******.avi
    [2010/01/12 10:42:55 | 00,006,275 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\inklink.htm
    [2010/01/12 10:42:54 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\DOOM][.mds
    [2010/01/12 10:42:49 | 31,006,927 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\DOOM][.mdf
    [2010/01/12 10:42:49 | 00,240,462 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\bronipic1.bmp
    [2010/01/12 10:42:49 | 00,116,210 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\bronipic2.bmp
    [2010/01/12 10:42:49 | 00,001,528 | ---- | C] () -- C:\Documents and Settings\Wildfire\My Documents\Document.rtf
    [2010/01/12 10:42:36 | 05,330,084 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\writinghtml.zip
    [2010/01/12 10:41:47 | 00,692,467 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\war.exe
    [2010/01/12 10:41:47 | 00,000,789 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\Windows Media Player.lnk
    [2010/01/12 10:40:41 | 99,486,303 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\ubcd411.zip
    [2010/01/12 10:40:41 | 00,150,192 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\TweakUiPowertoySetup.exe
    [2010/01/12 10:40:35 | 07,520,288 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\SUPERAntiSpyware.exe
    [2010/01/12 10:40:35 | 00,463,952 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\speech100.zip
    [2010/01/12 10:40:33 | 00,000,709 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\Shortcut to Dial-a-fix.lnk
    [2010/01/12 10:40:33 | 00,000,625 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\Shortcut to tkifm.lnk
    [2010/01/12 10:40:32 | 03,929,112 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\sdisk.zip
    [2010/01/12 10:40:32 | 00,026,530 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\Router Bridge.htm
    [2010/01/12 10:40:29 | 24,762,824 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\R132539.exe
    [2010/01/12 10:40:05 | 02,814,289 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\npp.5.2.Installer.exe
    [2010/01/12 10:40:05 | 00,546,224 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\motherboard_bios_ga-8ipe775pro_f5.exe
    [2010/01/12 10:40:05 | 00,001,623 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\Mozilla Firefox.lnk
    [2010/01/12 10:40:04 | 00,310,272 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\iws2.exe
    [2010/01/12 10:40:04 | 00,229,181 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\jpp.zip
    [2010/01/12 10:40:04 | 00,099,648 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\look_it_up.exe
    [2010/01/12 10:40:04 | 00,083,696 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\jpps0608.zip
    [2010/01/12 10:40:04 | 00,069,561 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\JavaRa.zip
    [2010/01/12 10:39:59 | 00,328,629 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\How_to_Revive_A_Hard_Drive_200_Ways.zip
    [2010/01/12 10:39:59 | 00,147,825 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\hosts.zip
    [2010/01/12 10:39:59 | 00,001,523 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\FreeGuide TV Guide.lnk
    [2010/01/12 10:39:59 | 00,000,694 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\Frotz.lnk
    [2010/01/12 10:39:54 | 10,741,760 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\fpc-lazarus-0.9.28-doc-chm.tar
    [2010/01/12 10:39:54 | 00,177,685 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\FLASH893.EXE
    [2010/01/12 10:39:52 | 03,861,671 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\FileZilla_3.2.2.1_win32-setup.exe
    [2010/01/12 10:39:52 | 02,860,845 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\FileZilla_Server-0_9_31.exe
    [2010/01/12 10:39:52 | 00,335,992 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\Dial-a-fix-v0.60.0.24.zip
    [2010/01/12 10:39:52 | 00,033,676 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\dundee_united_fc.zip
    [2010/01/12 10:39:52 | 00,001,749 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\FileZilla Server Interface.lnk
    [2010/01/12 10:39:52 | 00,000,506 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\Doomsday KickStart.lnk
    [2010/01/12 10:39:51 | 00,260,706 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\chipschallenge.zip
    [2010/01/12 10:39:51 | 00,003,274 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\cardsdll.pas
    [2010/01/12 10:39:39 | 03,819,736 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\6907170201.pdf
    [2010/01/12 10:39:39 | 00,939,956 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\7z465.exe
    [2010/01/12 10:39:39 | 00,524,288 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\8ipe775p.f5
    [2010/01/12 10:39:39 | 00,089,787 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\13zo9yd.png
    [2010/01/12 10:39:39 | 00,003,842 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\180px-Molex_female_connector.jpg
    [2010/01/12 10:39:39 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\Almeza MultiSet.lnk
    [2010/01/12 10:39:39 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\ArabZONEFREEVIEW.asp.wmv
    [2010/01/12 10:39:39 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\Wildfire\Desktop\autoexec.bat
    [2010/01/12 10:28:21 | 01,835,008 | -H-- | C] () -- C:\Documents and Settings\Wildfire\NTUSER.DAT
    [2010/01/12 10:28:21 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Wildfire\ntuser.ini
    [2010/01/09 02:28:29 | 00,070,667 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
    [2010/01/09 02:28:11 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
    [2010/01/01 01:05:13 | 00,000,066 | ---- | C] () -- C:\WINDOWS\drD3D.ini
    [2009/10/23 12:22:38 | 01,708,544 | ---- | C] () -- C:\WINDOWS\System32\libqt4intf.dll
    [2009/05/21 14:51:04 | 00,000,739 | ---- | C] () -- C:\WINDOWS\entpack.ini
    [2009/02/15 11:48:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Packard Bell Companion.INI
    [2008/10/27 20:53:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2008/10/27 20:53:08 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2008/07/16 23:33:59 | 00,006,048 | ---- | C] () -- C:\WINDOWS\System32\mcc16.dll
    [2007/03/01 16:32:38 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2006/11/11 12:38:03 | 00,000,029 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2006/11/11 12:37:44 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2006/09/12 16:08:36 | 00,005,219 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2005/06/13 16:47:21 | 00,000,540 | ---- | C] () -- C:\WINDOWS\AppRun.ini
    [2005/06/13 16:14:02 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\NwtGatewayDLL.dll
    [2005/06/13 16:14:02 | 00,000,255 | ---- | C] () -- C:\WINDOWS\System32\NwtGatewayConfig.ini
    [2005/06/13 16:14:02 | 00,000,255 | ---- | C] () -- C:\WINDOWS\NwtGatewayConfig.ini
    [2005/06/07 10:27:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/06/07 10:24:00 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/06/07 10:17:47 | 00,005,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASIOMI.sys
    [2005/06/07 10:16:03 | 00,006,451 | ---- | C] () -- C:\WINDOWS\HDReg.ini
    [2005/06/07 10:06:40 | 00,005,147 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/06/07 10:05:47 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/06/07 10:05:32 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2005/06/07 10:05:25 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
    [2005/06/07 10:05:25 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
    [2005/06/07 10:05:18 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
    [2005/06/07 10:05:18 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
    [2005/06/07 10:05:15 | 00,011,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\STDSB.sys
    [2005/06/07 10:05:15 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\mxkeybd.dll
    [2004/05/24 10:40:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/04/27 01:29:58 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2004/04/27 01:29:58 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2002/09/19 20:20:55 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

    ========== LOP Check ==========

    [2010/01/16 10:51:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/01/09 02:38:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
    [2010/01/07 08:54:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2005/06/07 10:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/01/12 10:37:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2010/01/12 10:37:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\Birdstep Technology
    [2010/01/12 10:37:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\Bytemobile
    [2010/01/12 10:37:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\DAEMON Tools Lite
    [2010/01/12 10:37:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\FileZilla
    [2010/01/12 10:37:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\Foxit
    [2010/01/12 10:37:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\LimeWire
    [2010/01/12 10:36:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\Notepad++
    [2010/01/12 10:36:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\OpenOffice.org
    [2010/01/12 10:36:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Wildfire\Application Data\Viewpoint

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/04/14 05:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/04/14 05:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/14 00:06:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/04 06:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\agp440.sys
    [2001/08/17 12:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2002/08/29 12:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
    [2008/04/14 05:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2002/08/29 12:00:00 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
    [2008/04/14 05:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2002/10/16 16:31:10 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=3DF589B9A15FF9EF4AA499F98C1C16D5 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2002/08/29 00:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331060$\atapi.sys
    [2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 05:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 07:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\eventlog.dll
    [2002/08/29 12:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2002/08/29 12:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
    [2004/08/04 07:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 07:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\scecli.dll
    [2002/08/29 12:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
    < End of report >
     
  18. 2010/01/18
    wildfire

    OTL Extras logfile created on: 18/01/2010 20:54:44 - Run 1
    OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Wildfire\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    479.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 46.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 11.24 Gb Free Space | 30.18% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 22.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PB
    Current User Name: Wildfire
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe" = C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- (Gabest)
    "C:\Program Files\Ashley Brown\iWeb\iws.exe" = C:\Program Files\Ashley Brown\iWeb\iws.exe:*:Enabled:iWeb Mini Web Server -- (Ashley Brown)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Zattoo\zattood.exe" = C:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood -- ()
    "C:\MERCURY\mercury.exe" = C:\MERCURY\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.72 -- (David Harris)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01B82B57-2B06-458C-83B5-FC3315BC1AA9}" = Samsung CLP-500 Series
    "{09B44E78-A988-4BC0-962F-63ECD3333708}" = Packard Bell Companion
    "{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{51C8741C-4A91-42A6-B6A2-CB891F7398A1}" = Kerio Personal Firewall 2.1.5
    "{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
    "{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-02-24
    "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis True Image WD Edition
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{F665C0D9-D110-4E21-A073-952057C7ADB1}" = PTDD Super Fdisk 1.0
    "7-Zip" = 7-Zip 4.65
    "ActiveTcl 8.5.8.0" = ActiveState ActiveTcl 8.5.8.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Agent Ransack_is1" = Agent Ransack Version 1.7.3
    "Almeza MultiSet Professional 6.7_is1" = Almeza MultiSet Professional 6.7
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "Doomsday Engine_is1" = Doomsday Engine 1.9.0-beta6.3
    "DP Editor 1.0" = DP Editor Ver.1.0
    "FileZilla Client" = FileZilla Client 3.2.2.1
    "FileZilla Server" = FileZilla Server (remove only)
    "FinePixViewer 1.0" = FinePixViewer Ver.1.1
    "Foxit Reader" = Foxit Reader
    "HijackThis" = HijackThis 2.0.2
    "Huawei Modems" = Huawei modem
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Lazarus_is1" = Lazarus 0.9.28
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Notepad++" = Notepad++
    "Product" = FreeGuide 0.10.12
    "qt7lite_is1" = QT Lite 2.8.0
    "RealAlt_is1" = Real Alternative 1.9.0
    "Tweak UI 2.10" = Tweak UI
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Wubi" = Ubuntu
    "Zattoo" = Zattoo 3.3.4 Beta

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/01/2010 12:23:05 | Computer Name = PB | Source = Google Update | ID = 20
    Description =

    Error - 12/01/2010 13:23:05 | Computer Name = PB | Source = Google Update | ID = 20
    Description =

    Error - 12/01/2010 14:23:05 | Computer Name = PB | Source = Google Update | ID = 20
    Description =

    Error - 12/01/2010 15:23:05 | Computer Name = PB | Source = Google Update | ID = 20
    Description =

    Error - 12/01/2010 16:23:05 | Computer Name = PB | Source = Google Update | ID = 20
    Description =

    Error - 12/01/2010 22:23:05 | Computer Name = PB | Source = Google Update | ID = 20
    Description =

    Error - 12/01/2010 23:23:05 | Computer Name = PB | Source = Google Update | ID = 20
    Description =

    Error - 13/01/2010 00:23:05 | Computer Name = PB | Source = Google Update | ID = 20
    Description =

    Error - 13/01/2010 01:23:05 | Computer Name = PB | Source = Google Update | ID = 20
    Description =

    Error - 13/01/2010 02:23:06 | Computer Name = PB | Source = Google Update | ID = 20
    Description =

    [ System Events ]
    Error - 18/01/2010 08:25:45 | Computer Name = PB | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 18/01/2010 08:25:45 | Computer Name = PB | Source = Service Control Manager | ID = 7000
    Description = The STDSB service failed to start due to the following error: %%2

    Error - 18/01/2010 10:40:42 | Computer Name = PB | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 18/01/2010 10:40:42 | Computer Name = PB | Source = Service Control Manager | ID = 7000
    Description = The STDSB service failed to start due to the following error: %%2

    Error - 18/01/2010 15:46:24 | Computer Name = PB | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 18/01/2010 15:46:24 | Computer Name = PB | Source = Service Control Manager | ID = 7000
    Description = The STDSB service failed to start due to the following error: %%2

    Error - 18/01/2010 16:29:55 | Computer Name = PB | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 18/01/2010 16:29:55 | Computer Name = PB | Source = Service Control Manager | ID = 7000
    Description = The STDSB service failed to start due to the following error: %%2

    Error - 18/01/2010 16:36:34 | Computer Name = PB | Source = Service Control Manager | ID = 7000
    Description = The Parallel port driver service failed to start due to the following
    error: %%1058

    Error - 18/01/2010 16:36:34 | Computer Name = PB | Source = Service Control Manager | ID = 7000
    Description = The STDSB service failed to start due to the following error: %%2


    < End of report >
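    The firewall section of the log above is OTL's dump of the registry keys the Windows XP firewall reads. Port exceptions are stored as port:protocol:scope:state:description and application exceptions as path:scope:state:description (the ":mad:" in the posted text is the forum's smiley replacement for the "@" that starts the resource-string reference @xpsp2res.dll). Three things are worth a deliberate look when reading such a dump: "EnableFirewall" = 0 under StandardProfile means Windows Firewall is off for the normal profile, which is expected here because Kerio Personal Firewall is doing the job, but should be a conscious choice; port exceptions that are Enabled with scope "*" are reachable from any address rather than only LocalSubNet (the DomainProfile entries only apply while the machine is connected to a domain, and XP Home cannot join one, so those are inert on this box); and application exceptions flagged "File not found" are stale, and since XP matches exceptions by path, any executable later dropped at that path inherits them. The script below is an added example, not part of the original post or of OTL. It runs over a constructed excerpt of the log (the DomainProfile\GloballyOpenPorts key header is assumed, since it sits above the quoted lines) and returns those three kinds of finding.

```python
import re
from dataclasses import dataclass

# Constructed sample: an excerpt of the OTL firewall dump posted above, with the
# forum's ":mad:" mangling restored to "@". The DomainProfile\GloballyOpenPorts
# key header is assumed (it appears above the quoted lines in the original log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\MERCURY\mercury.exe" = C:\MERCURY\mercury.exe:*:Enabled:Mercury/32 Core Processing Module v4.72 -- (David Harris)
"""

# Key header: which profile, and which sub-key (empty for the profile root).
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(?P<profile>\w+Profile)(?P<sub>(?:\\\w+)*)\]$"
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
PORT_RE = re.compile(
    r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<desc>.*)$"
)
# A Windows path cannot contain ':' after the drive letter, so the first ':'
# after the path is the field separator even though the path starts with "C:".
APP_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^:]*):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<desc>.*)$"
)


@dataclass(frozen=True)
class Finding:
    profile: str
    kind: str      # "firewall_off", "open_to_any" or "stale_exception"
    detail: str


def audit_firewall_policy(log_text: str) -> list[Finding]:
    """Walk an OTL FirewallPolicy dump and return the entries that need a second look."""
    findings: list[Finding] = []
    profile, sub = None, ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            profile, sub = key.group("profile"), key.group("sub")
            continue
        value = VALUE_RE.match(line)
        if not value or profile is None:
            continue
        name, data = value.group("name"), value.group("data")
        if sub == "" and name == "EnableFirewall" and data.strip() == "0":
            findings.append(Finding(profile, "firewall_off",
                                    "Windows Firewall disabled for this profile"))
        elif sub.endswith(r"\GloballyOpenPorts\List"):
            port = PORT_RE.match(data)
            if port and port.group("state") == "Enabled" and port.group("scope") == "*":
                findings.append(Finding(profile, "open_to_any",
                                        f"{port.group('port')}/{port.group('proto')} open to any address"))
        elif sub.endswith(r"\AuthorizedApplications\List"):
            app = APP_RE.match(data)
            if app and app.group("desc").endswith("-- File not found"):
                findings.append(Finding(profile, "stale_exception", app.group("path")))
    return findings


if __name__ == "__main__":
    for f in audit_firewall_policy(SAMPLE_LOG):
        print(f"{f.profile:16} {f.kind:16} {f.detail}")
```

    On the excerpt this reports 139/TCP and 445/TCP open to any address in the (inert) domain profile, the standard profile's firewall switched off, and the stale Messenger exception. Entries that are Disabled or scoped to LocalSubNet are left alone, so the standard-profile file-sharing ports above produce nothing.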
     
  19. 2010/01/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Nothing there....

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  20. 2010/01/18
    wildfire

    wildfire Getting Old Thread Starter

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Tuesday, January 19, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, January 18, 2010 21:21:32
    Records in database: 3330776
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    F:\
    G:\

    Scan statistics:
    Objects scanned: 81409
    Threats found: 3
    Infected objects found: 2
    Suspicious objects found: 1
    Scan duration: 03:49:09


    File name / Threat / Threats count
    C:\MERCURY\MAIL\wildfire\YIY09F7S.CNM Suspicious: Exploit.HTML.Iframe.FileDownload 1
    C:\MERCURY\MAIL\wildfire\YIY09F7S.CNM Infected: Email-Worm.Win32.NetSky.q 1
    C:\WINDOWS\Motive\btbb\UninstallHelper.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1

    Selected area has been scanned.

    The CNM file is an unopened email in my mail server and easily got rid of; it's never been opened. I won't delete it until you instruct me to, though.
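    Reading the three result lines above takes a little knowledge of Kaspersky's naming scheme: a detection name is Behaviour.Platform.Family.Variant (Email-Worm.Win32.NetSky.q is the NetSky mass-mailer variant q, Exploit.HTML.Iframe.FileDownload is an HTML body with a file-downloading iframe), an optional "not-a-virus:" prefix marks riskware or adware rather than malware (RiskTool.Win32.PsKill is a legitimate process-termination utility that a cleaner could abuse), and "Suspicious" is a heuristic verdict while "Infected" is a signature match. Both hits on YIY09F7S.CNM are the same object, a message stored by Mercury/32 in its mailbox directory, so this is mail content at rest, not code that has run. The script below is an added example, not part of the original post or of Kaspersky's scanner; it parses a constructed copy of the result lines, splits each name into its components, and collapses the hits per file for triage.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed from the result lines of the Kaspersky Online Scanner report above.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\MERCURY\MAIL\wildfire\YIY09F7S.CNM Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\MERCURY\MAIL\wildfire\YIY09F7S.CNM Infected: Email-Worm.Win32.NetSky.q 1
C:\WINDOWS\Motive\btbb\UninstallHelper.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1

Selected area has been scanned.
"""

HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<name>\S+)\s+(?P<count>\d+)$"
)
# Kaspersky names read [prefix:]Behaviour.Platform.Family[.Variant]; the
# "not-a-virus:" prefix marks riskware/adware rather than malware.
NAME_RE = re.compile(
    r"^(?:(?P<prefix>[\w-]+):)?(?P<behaviour>[\w-]+)\.(?P<platform>\w+)\.(?P<family>\w+)(?:\.(?P<variant>\w+))?$"
)


@dataclass(frozen=True)
class Hit:
    path: str
    verdict: str
    name: str
    category: str      # "malware", "heuristic" or "riskware"
    behaviour: str
    platform: str
    family: str


def classify(verdict: str, name: str) -> str:
    """Bucket a hit: riskware is flagged tooling, Suspicious is a heuristic, Infected is a signature."""
    if name.startswith("not-a-virus:"):
        return "riskware"
    if verdict == "Suspicious":
        return "heuristic"
    return "malware"


def parse_report(text: str) -> list[Hit]:
    """Turn the 'File name / Threat / Threats count' lines into Hit records."""
    hits: list[Hit] = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue
        n = NAME_RE.match(m.group("name"))
        parts = n.groupdict() if n else {}
        hits.append(Hit(
            path=m.group("path"),
            verdict=m.group("verdict"),
            name=m.group("name"),
            category=classify(m.group("verdict"), m.group("name")),
            behaviour=parts.get("behaviour") or "?",
            platform=parts.get("platform") or "?",
            family=parts.get("family") or "?",
        ))
    return hits


def triage(hits: list[Hit]) -> dict[str, dict]:
    """Collapse hits per file: worst category, detected families, and whether it is stored mail."""
    rank = {"riskware": 0, "heuristic": 1, "malware": 2}
    per_file: dict[str, list[Hit]] = defaultdict(list)
    for h in hits:
        per_file[h.path].append(h)
    out: dict[str, dict] = {}
    for path, group in per_file.items():
        worst = max(group, key=lambda h: rank[h.category]).category
        out[path] = {
            "category": worst,
            "families": sorted({f"{h.behaviour}/{h.family}" for h in group}),
            # Mercury/32 keeps each stored message as a .CNM file, so a hit there
            # is mail content at rest (attachment or HTML body), not code that ran.
            "stored_mail": path.lower().endswith(".cnm"),
        }
    return out


if __name__ == "__main__":
    for path, info in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{info['category']:9} stored_mail={info['stored_mail']!s:5} {path}  {', '.join(info['families'])}")
```

    The per-file view is what a helper actually decides on: the mail item carries a signature hit and is deleted as a whole message, while the riskware hit on the uninstall helper is a judgement call about whether that tool should be on the box at all.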
     
  21. 2010/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, delete all three files.
    Let me know, if you have any issues with deleting them.
    Empty recycle bin afterwards and post fresh HJT log.
     
