Hi Elise,
I was finally able to complete the gmer log, however it should be noted that the Extra.txt from the OLT is 2 days old. I reran the program but kept getting the error message - No Windows Disk - Exception Processing Message c0000013 Parameters 75b6bf7c 75b6bf7c 75b6bf7c. My options were Cancel - Try Again - Continue - I pressed Continue 4 times before it resumed. At the end of it, there was no Extra.txt, only OLTListIt.txt. Below is the OLT text, then Extra, then gmer.log.
Thank you very much!
-Steve
--------------------------------------------------------------------------------------------------------------------------------------OTL Extras logfile created on: 5/7/2010 1:41:10 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2880 4320 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.38 Gb Total Space | 153.84 Gb Free Space | 68.26% Space Free | Partition Type: NTFS
Drive D: | 7.48 Gb Total Space | 0.48 Gb Free Space | 6.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 55.90 Gb Total Space | 49.59 Gb Free Space | 88.71% Space Free | Partition Type: NTFS
Drive H: | 488.98 Mb Total Space | 437.30 Mb Free Space | 89.43% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
Computer Name: STEVE
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" File not found
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8 -- (Macromedia, Inc.)
"C:\Program Files\Sierra On-Line\SIGSPat.exe" = C:\Program Files\Sierra On-Line\SIGSPat.exe:*:Disabled:SIGSPat -- (Cendant Software, Inc.)
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" = C:\WINDOWS\system32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- File not found
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent -- File not found
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink -- File not found
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Disabled:Kaspersky AV Scanner -- File not found
"C:\Program Files\Morpheus\Morpheus.exe" = C:\Program Files\Morpheus\Morpheus.exe:*:Disabled:Morpheus -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19F8C650-C951-421A-BD2D-AEDA9B450BDD}" = Flash Lite 2.1 Update for Flash Professional 8
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}" = AllWebMenus PRO 5.2.824
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2FEA102C-F535-4513-009B-57B165013C18}" = Tiger Woods PGA TOUR 08
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{382E94C0-6E22-44e4-B003-8EB31DFE296F}" = cp_LightScribeConfig
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}" = Google Earth Pro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5058B085-AA79-41E5-A726-681B4C4B846E}" = ACDSee 5.0 PowerPack
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{58762801-BA53-42B3-890B-C6B9CC8CFE26}" = QuickConnect
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5AF8C46D-A141-4E69-9EB5-76A43ED29281}" = Charter High Speed Internet Self-Installation Wizard
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1" = Tetris
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A149E33D-74B9-4033-9B53-A5DE82864850}" = BitDefender Internet Security 2010
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10.1 Free Edition
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C104580B-1C79-4d73-9BF0-CA0B184296A4}" = cp_LightScribePlugin
"{C191BE7C-8542-4A61-973A-714EF76C5995}" = Logitech QuickCam Software
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF6E7481-4487-46D3-810A-F73EEA232CE0}" = Microsoft IntelliPoint 5.0
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life® 2
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EBD5129F-9656-4E28-890A-4D1D40906AC5}" = VideoWave 7 Professional
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F523EA0F-D930-4825-A69D-AC8407A4DFA0}" = TurboTax 2008 woriper
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"a-squared Free_is1" = a-squared Free 4.5
"ATI Display Driver" = ATI Display Driver
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Copernic Agent Professional" = Copernic Agent Professional
"Defraggler" = Defraggler (remove only)
"Digsby" = Digsby
"DynGate" = DynGate
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Estate Planner 2.0" = Estate Planner 2.0
"EULAlyzer_is1" = EULAlyzer v1.2
"ezLife" = ezLife browser enhancer
"Fellowes/NEATO MediaFACE" = Fellowes/NEATO MediaFACE
"Free FLV Converter_is1" = Free FLV Converter V 6.7.4
"FrostWire" = FrostWire 4.18.1
"getPlus®_ocx" = getPlus®_ocx
"Half-Life" = Half-Life
"Half-Life: Blue Shift" = Half-Life: Blue Shift
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Image Zone for Media Center PC" = HP Image Zone for Media Center PC
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"iLuminaPremiumStarter" = iLumina Gold Premium Starter
"InfraRecorder" = InfraRecorder
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IntelliMover Data Transfer Demo" = Remove IntelliMover Demo
"JAIELangPack" = Japanese Language Support
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money 2007
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Ahead NeroMediaPlayer
"ObjectDock" = ObjectDock
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"Pretty Good Solitaire - Additional Card Sets_is1" = Pretty Good Solitaire - Additional Card Sets 11.0
"Pretty Good Solitaire 500_is1" = Pretty Good Solitaire 500 version 8.0.1
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"QcDrv" = Logitech® Camera Driver
"Quicken Business Lawyer 2001" = Quicken Business Lawyer 2001
"Quicken Family Lawyer 2001" = Quicken Family Lawyer 2001
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Revo Uninstaller" = Revo Uninstaller 1.83
"Sierra Utilities" = Sierra Utilities
"ST6UNST #1" = BibleDatabase
"TeamViewer 5" = TeamViewer 5
"The Plain-Language Law Dictionary" = The Plain-Language Law Dictionary
"TurboTax 2008" = TurboTax 2008
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinSSHD" = Bitvise WinSSHD 4.27 (remove only)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xczyovujpvcekkav" = Performance Solution Hotrevenue
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 5/7/2010 2:43:12 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 5/7/2010 2:43:12 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 5/7/2010 2:45:18 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 5/7/2010 2:45:18 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 5/7/2010 3:12:10 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 5/7/2010 3:12:10 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 5/7/2010 3:12:37 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 5/7/2010 3:12:37 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 5/7/2010 4:43:10 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.
Error - 5/7/2010 4:43:10 AM | Computer Name = STEVE | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.
[ System Events ]
Error - 5/2/2010 10:53:31 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 5/2/2010 10:53:50 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7034
Description = The Logitech Process Monitor service terminated unexpectedly. It
has done this 1 time(s).
Error - 5/4/2010 4:26:22 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 5/4/2010 4:26:45 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7034
Description = The Logitech Process Monitor service terminated unexpectedly. It
has done this 1 time(s).
Error - 5/4/2010 5:28:48 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).
Error - 5/5/2010 4:22:10 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 5/5/2010 4:22:37 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7034
Description = The Logitech Process Monitor service terminated unexpectedly. It
has done this 1 time(s).
Error - 5/5/2010 4:29:20 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
Error - 5/5/2010 4:29:42 PM | Computer Name = STEVE | Source = Service Control Manager | ID = 7034
Description = The Logitech Process Monitor service terminated unexpectedly. It
has done this 1 time(s).
Error - 5/7/2010 3:12:15 AM | Computer Name = STEVE | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058
< End of report >
--------------------------------------------------------------------------------------------------------------------------------------OTL logfile created on: 5/9/2010 7:05:11 AM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2880 4320 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 225.38 Gb Total Space | 153.61 Gb Free Space | 68.16% Space Free | Partition Type: NTFS
Drive D: | 7.48 Gb Total Space | 0.48 Gb Free Space | 6.43% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 55.90 Gb Total Space | 49.59 Gb Free Space | 88.71% Space Free | Partition Type: NTFS
Drive H: | 488.98 Mb Total Space | 416.27 Mb Free Space | 85.13% Space Free | Partition Type: FAT
I: Drive not present or media not loaded
Computer Name: STEVE
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ========== PRC - [2010/05/07 01:38:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Downloads\OldTimersTool.exe
PRC - [2010/05/04 13:56:58 | 001,615,688 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\A-squared\a2service.exe
PRC - [2010/04/01 07:00:18 | 001,123,360 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2010/04/01 07:00:15 | 001,091,984 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2010/02/11 05:01:40 | 005,150,504 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/02/11 04:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/01/11 13:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/09/05 13:38:47 | 003,502,888 | ---- | M] (Bitvise) -- C:\Program Files\Bitvise WinSSHD\WinSSHD.exe
PRC - [2008/04/13 17:12:32 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\regsvr32.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/12/09 15:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2004/04/30 02:07:00 | 000,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\SAgent4.exe
PRC - [2004/02/19 03:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\E_S00RP1.EXE
PRC - [2003/05/15 16:41:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSS01A.EXE
PRC - [2001/11/23 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\BRSVC01A.EXE
========== Modules (SafeList) ========== MOD - [2010/05/07 01:38:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Downloads\OldTimersTool.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/12/09 15:37:42 | 000,086,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2010/05/04 13:56:58 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/04/29 22:44:31 | 001,285,864 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/15 08:25:20 | 001,872,320 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\A-squared\a2service.exe -- (a2free)
SRV - [2010/04/01 07:00:15 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2010/02/11 04:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/01/11 13:02:46 | 000,308,552 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/10/19 16:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L.
http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/05 13:38:47 | 003,502,888 | ---- | M] (Bitvise) [Auto | Running] -- C:\Program Files\Bitvise WinSSHD\WinSSHD.exe -- (WinSSHD)
SRV - [2008/01/23 15:17:41 | 001,251,720 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/12/09 15:37:42 | 000,081,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2005/08/03 00:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)
SRV - [2004/04/30 02:07:00 | 000,122,880 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\SAgent4.exe -- (StatusAgent4)
SRV - [2004/02/19 03:03:00 | 000,065,536 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\WINDOWS\system32\E_S00RP1.EXE -- (EPSON_PM_RPCV2_01) EPSON V3 Service2(03)
SRV - [2001/11/23 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\BRSVC01A.EXE -- (Brother XP spl Service)
========== Driver Services (SafeList) ========== DRV - [2010/05/04 13:57:00 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/05/04 13:57:00 | 000,085,128 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2010/05/04 13:57:00 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/05/04 13:56:56 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2010/04/01 07:00:15 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/03/20 10:34:03 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2010/03/20 10:34:03 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2010/03/20 10:34:03 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2010/02/04 08:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/15 13:21:16 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/01/15 13:21:16 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010/01/15 13:21:16 | 000,034,392 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2009/10/04 14:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/06/29 15:31:46 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/07 01:37:36 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2007/05/11 15:32:27 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/12/09 15:37:42 | 002,400,256 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/12/09 15:37:42 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/12/09 15:35:54 | 002,174,464 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (Lvckap)
DRV - [2005/12/05 20:28:38 | 000,014,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2005/12/05 20:28:33 | 001,103,488 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2005/12/05 20:26:54 | 002,010,240 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2005/12/05 20:26:16 | 000,039,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/08/29 15:11:00 | 003,644,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/13 22:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/06/30 01:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/06/17 14:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/12/15 15:18:32 | 000,220,928 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/12/15 15:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 15:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/08 13:36:28 | 000,013,105 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2004/06/08 13:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 13:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 13:35:18 | 000,054,817 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2004/06/08 13:35:08 | 000,071,533 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/06/08 13:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2004/01/27 19:34:56 | 000,140,416 | ---- | M] (Windows ® 2000 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2004/01/27 19:29:40 | 000,197,632 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
DRV - [2003/11/05 15:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopIE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.rewindamerica.org/HomePage.htmlIE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2513264196-182807146-495379214-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/04/03 13:21:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 5\components [2010/04/21 09:57:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugins [2010/04/25 10:00:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/16 15:41:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2010/04/03 14:13:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2010/04/15 14:53:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010/03/20 10:39:04 | 000,000,000 | ---D | M]
[2010/04/16 15:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2010/04/16 15:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/11/06 17:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/05/08 18:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions
[2009/11/06 15:43:44 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/04/29 12:30:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/29 21:31:35 | 000,000,000 | ---D | M] (ColorResults) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{20E2E952-0E3E-4b83-A1CE-5340C10F43A9}
[2010/02/14 02:00:17 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/02/18 19:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010/02/23 16:46:04 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/04/29 21:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\ClickCutterAutoSearch@clickcutter.com
[2010/04/18 19:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\keyscrambler@qfx.software.corporation
[2010/02/23 16:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\noia2_option@kk.noia
[2009/11/06 15:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\OPIE@guid.customsoftwareconsult.com
[2010/04/29 20:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\searchsite@DW-dev
[2010/02/18 19:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\febeprof.Steve\extensions\silvermel@pardal.de
[2009/11/06 15:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y4bbt7ym.default\extensions
[2009/11/06 15:34:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y4bbt7ym.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/06 15:34:15 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\y4bbt7ym.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/11/06 17:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\SeaMonkey\Profiles\wmsnvx2q.default\extensions
O1 HOSTS File: ([2004/08/10 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {00E1DA10-54EF-4A74-B0ED-5CB0E6C45022} - No CLSID value found.
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (hotrevenue browser enhancer) - {5C7541A3-5C52-0F93-9AB3-50841B5DF033} - C:\WINDOWS\system32\vhmtgdbwtnl.dll ()
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKU\S-1-5-21-2513264196-182807146-495379214-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2513264196-182807146-495379214-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2513264196-182807146-495379214-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2513264196-182807146-495379214-1008\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [fydgoqckktcgs] C:\WINDOWS\System32\vhmtgdbwtnl.dll ()
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2513264196-182807146-495379214-1008..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2513264196-182807146-495379214-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : FireShot menu - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - Reg Error: Value error. File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE}
https://install.charter.com/diskless/bin/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E}
http://192.168.0.196:85/DVROcxEx.cab (DVROcxEx Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/08 14:37:22 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 12:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{eb711070-68b6-11dd-affc-0015f2381ce3}\Shell - "" = AutoRun
O33 - MountPoints2\{eb711070-68b6-11dd-affc-0015f2381ce3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eb711070-68b6-11dd-affc-0015f2381ce3}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ========== [2010/05/08 18:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/08 18:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/08 18:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/07 01:24:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Malwarebytes Log
[2010/05/06 23:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
[2010/05/06 23:49:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/06 23:49:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/06 23:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2010/05/06 23:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/30 15:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/30 15:17:32 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/30 15:17:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/30 15:17:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/30 15:17:32 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/30 14:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\ezLife
[2010/04/30 10:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\a-squared Free
[2010/04/30 10:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\A-squared
[2010/04/28 14:28:36 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/27 00:18:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\thawbrkr.dll
[2010/04/27 00:18:47 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/04/27 00:18:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/04/27 00:18:45 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2010/04/27 00:18:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2010/04/27 00:18:43 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/04/27 00:18:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2010/04/27 00:18:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/04/25 10:00:03 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/23 08:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\Application Data\Likno Software
[2010/04/22 20:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/04/22 09:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/04/21 07:47:50 | 000,000,000 | ---D | C] -- C:\SystemRoot
[2010/04/20 17:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/04/17 20:40:19 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/04/17 20:38:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/04/17 00:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\Auto Maintenence
[2010/04/16 10:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\ASIFlex
[2010/04/15 20:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator\My Documents\North Star Bible Camp
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/05/09 07:02:34 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.dat
[2010/05/09 07:00:51 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Dataprivacy.xml
[2010/05/09 07:00:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/09 07:00:06 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2513264196-182807146-495379214-1008UA.job
[2010/05/09 07:00:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 07:00:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/09 06:59:59 | 2078,855,168 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/09 06:59:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/05/08 18:58:31 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bleeping Computer.doc
[2010/05/08 13:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/08 13:00:32 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{055FD4AE-75CC-4A4E-95CD-B522F2D56417}.job
[2010/05/07 22:42:08 | 000,001,142 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\GMER.rtf
[2010/05/07 11:12:54 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2010/05/07 09:13:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2513264196-182807146-495379214-1008Core.job
[2010/05/07 00:44:56 | 000,001,771 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/05/04 13:56:56 | 000,111,312 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys
[2010/05/02 19:21:58 | 000,550,852 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Queen.jpg
[2010/05/02 19:18:57 | 000,491,670 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Bees.jpg
[2010/05/02 19:17:57 | 000,517,315 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\BeeHive.jpg
[2010/05/02 01:25:33 | 419,430,912 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Fort Knox.bvd
[2010/05/01 18:59:16 | 000,000,674 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/01 18:59:16 | 000,000,279 | ---- | M] () -- C:\boot.ini
[2010/05/01 18:59:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/01 16:14:49 | 000,108,861 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Spa.stx
[2010/05/01 13:38:24 | 000,125,517 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Medco.jpg
[2010/04/30 16:19:35 | 000,378,229 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FireShot capture #051.jpg
[2010/04/30 15:17:14 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/30 15:17:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/30 15:17:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/30 15:17:14 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/30 15:17:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/30 15:12:51 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/30 15:12:47 | 000,552,646 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/30 15:12:47 | 000,463,840 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/30 15:12:47 | 000,078,990 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 22:39:25 | 002,015,286 | ---- | M] () -- C:\WINDOWS\ACD Wallpaper.bmp
[2010/04/29 21:41:55 | 000,000,189 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 15:03:34 | 000,173,754 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Privacy Policy Redline - March 26, 2010.pdf
[2010/04/28 08:21:22 | 000,406,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/28 08:00:12 | 000,044,906 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Membership Covenant.pdf
[2010/04/27 00:01:49 | 000,048,272 | ---- | M] () -- C:\WINDOWS\System32\xczyovujpvcekkav.exe
[2010/04/26 22:54:44 | 000,057,270 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\FireShot capture #050 - 'Dual Authentication' - www_cascadecuhb_org_hbv3_2_hbID_challengeFrame_aspx.jpg
[2010/04/26 22:50:52 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Building the Web Site.doc
[2010/04/26 22:01:31 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010/04/26 16:12:53 | 000,293,675 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grammy.jpg
[2010/04/26 14:13:36 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application DataProductTweaks.xml
[2010/04/23 16:48:41 | 000,095,185 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Old Glory.jpg
[2010/04/23 16:47:12 | 000,098,582 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Percy Moran, The Birth of Old Glory (1917). Courtesy of the Library of Congress.jpg
[2010/04/23 16:35:20 | 000,051,696 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\image001.jpg
[2010/04/22 22:12:56 | 000,441,685 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\MedcoNewPrescription.pdf
[2010/04/21 13:21:57 | 000,000,031 | ---- | M] () -- C:\WINDOWS\Quicken.ini
[2010/04/21 13:17:25 | 000,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2010/04/20 19:44:39 | 000,018,241 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts.CSV
[2010/04/20 19:42:37 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts.pst
[2010/04/20 19:39:55 | 000,038,491 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Comma Separated Values (Windows).ADR
[2010/04/20 19:34:11 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator\ntuser.ini
[2010/04/20 18:00:05 | 000,058,537 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jen.stx
[2010/04/20 17:32:31 | 000,000,748 | ---- | M] () -- C:\WINDOWS\CDFACE32.INI
[2010/04/20 17:29:43 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/20 17:27:20 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\Books of the Bible Generic.xls
[2010/04/20 08:47:31 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/20 08:42:24 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/04/17 20:39:52 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/04/17 20:39:43 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/04/16 11:36:14 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\My Documents\FAX ASIFlex.doc
[2010/04/14 16:31:58 | 005,913,894 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\CBS.wmv
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/05/08 18:58:31 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Bleeping Computer.doc
[2010/05/08 12:53:56 | 2078,855,168 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/07 22:42:07 | 000,001,142 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\GMER.rtf
[2010/05/07 00:44:56 | 000,001,771 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\HijackThis.lnk
[2010/05/02 19:21:58 | 000,550,852 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Queen.jpg
[2010/05/02 19:18:57 | 000,491,670 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Bees.jpg
[2010/05/02 19:17:57 | 000,517,315 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\BeeHive.jpg
[2010/05/01 16:14:49 | 000,108,861 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Spa.stx
[2010/05/01 13:37:27 | 000,125,517 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Medco.jpg
[2010/04/28 15:03:34 | 000,173,754 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Privacy Policy Redline - March 26, 2010.pdf
[2010/04/28 10:07:56 | 000,378,229 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FireShot capture #051.jpg
[2010/04/28 08:00:11 | 000,044,906 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Membership Covenant.pdf
[2010/04/27 19:09:51 | 000,004,566 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/27 00:18:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/04/27 00:18:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2010/04/27 00:18:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/04/27 00:18:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_720.nls
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/04/27 00:18:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2010/04/27 00:18:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/04/27 00:18:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2010/04/27 00:18:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/04/27 00:18:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2010/04/27 00:18:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/04/27 00:18:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2010/04/26 23:45:39 | 000,048,272 | ---- | C] () -- C:\WINDOWS\System32\xczyovujpvcekkav.exe
[2010/04/26 22:54:44 | 000,057,270 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\FireShot capture #050 - 'Dual Authentication' - www_cascadecuhb_org_hbv3_2_hbID_challengeFrame_aspx.jpg
[2010/04/26 22:50:52 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Building the Web Site.doc
[2010/04/26 16:12:53 | 000,293,675 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Grammy.jpg
[2010/04/23 16:48:41 | 000,095,185 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Old Glory.jpg
[2010/04/23 16:47:11 | 000,098,582 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Percy Moran, The Birth of Old Glory (1917). Courtesy of the Library of Congress.jpg
[2010/04/23 16:35:18 | 000,051,696 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\image001.jpg
[2010/04/20 19:40:55 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts.pst
[2010/04/20 19:39:41 | 000,018,241 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Contacts.CSV
[2010/04/20 19:09:12 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/04/20 18:00:05 | 000,058,537 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Jen.stx
[2010/04/20 17:27:20 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\Books of the Bible Generic.xls
[2010/04/16 11:36:14 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\My Documents\FAX ASIFlex.doc
[2010/04/14 16:31:56 | 005,913,894 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\CBS.wmv
[2010/04/08 00:12:14 | 000,297,984 | ---- | C] () -- C:\WINDOWS\System32\vbppoojc.dll
[2010/04/08 00:12:00 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\navhofcf.dll
[2010/03/17 06:14:48 | 000,496,128 | ---- | C] () -- C:\WINDOWS\System32\vhmtgdbwtnl.dll
[2009/08/27 19:53:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2009/06/29 15:31:46 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/15 12:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/09/16 14:54:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\DVRConfig.dll
[2008/08/24 21:34:31 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2008/07/16 14:46:08 | 000,000,033 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/23 07:34:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2008/04/19 20:57:38 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2007/10/24 17:25:51 | 000,013,126 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/10/24 17:20:54 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2007/10/09 14:14:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/10/07 15:09:26 | 000,000,160 | ---- | C] () -- C:\WINDOWS\EPSON RX500 Installer.ini
[2007/09/29 19:34:40 | 000,000,603 | ---- | C] () -- C:\WINDOWS\FNTNSTLR.INI
[2007/09/29 18:42:44 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/31 06:41:54 | 000,000,748 | ---- | C] () -- C:\WINDOWS\CDFACE32.INI
[2007/08/31 06:41:53 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/08/31 06:41:52 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2007/07/30 13:40:26 | 000,000,455 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/07/14 16:45:16 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/07/14 16:45:16 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/07/14 16:45:16 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/05/20 15:35:34 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1440.ini
[2007/05/20 15:35:28 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/05/20 15:34:10 | 000,000,539 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/05/12 18:00:23 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2007/05/12 18:00:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/05/12 17:55:31 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/05/12 17:54:30 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2005/12/09 15:37:42 | 002,400,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/12/09 15:37:42 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/12/09 15:35:54 | 002,174,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/12/08 15:04:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/08 14:44:50 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/12/08 14:40:11 | 000,014,315 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/12/08 14:40:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/12/08 14:37:55 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/12/08 14:34:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/12/08 14:30:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/12/08 14:30:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/12/08 14:30:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/12/08 14:30:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/12/08 14:30:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/12/08 14:30:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/12/08 14:25:28 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/12/08 14:24:36 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/12/08 13:59:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/12/08 13:52:52 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/12/08 13:52:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/12/08 13:52:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/10/05 13:50:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 22:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 00:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/10/26 15:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/07/26 15:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/03/21 15:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 13:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/20 22:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001/07/06 23:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 01:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996/02/23 14:34:48 | 000,014,629 | ---- | C] () -- C:\WINDOWS\System32\Declw.dll
[1996/02/22 12:09:20 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\Decln.dll
========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\HP_Administrator\My Documents\outlook.pst:SummaryInformation
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0F8F5844
< End of report >
--------------------------------------------------------------------------------------------------------------------------------------GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-05-09 00:28:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\ugtdypob.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAllocateVirtualMemory [0xB0FF3AE4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAssignProcessToJobObject [0xB0FF3E4E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwConnectPort [0xB0FF513E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateFile [0xB0FF4868]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateKey [0xB0FF55C6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcess [0xB0FF3F98]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcessEx [0xB0FF401A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateSection [0xB0FF468C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateThread [0xB0FF36E6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDeviceIoControlFile [0xB0FF56C6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDuplicateObject [0xB0FF82F4]
SSDT spdp.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spdp.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwFsControlFile [0xB0FF5804]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwLoadDriver [0xB0FF625C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenFile [0xB0FF477C]
SSDT spdp.sys ZwOpenKey [0xBA6A80C0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenProcess [0xB0FF8046]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenSection [0xB0FF45AC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenThread [0xB0FF8174]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwProtectVirtualMemory [0xB0FF39E2]
SSDT spdp.sys ZwQueryKey [0xBA6C7108]
SSDT spdp.sys ZwQueryValueKey [0xBA6C6F88]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwQueueApcThread [0xB0FF3EF0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwReplaceKey [0xB0FF5DBE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestPort [0xB0FF51CE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestWaitReplyPort [0xB0FF4F6A]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRestoreKey [0xB0FF5E2E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSecureConnectPort [0xB0FF5374]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetContextThread [0xB0FF37D6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSecurityObject [0xB0FF5D4E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSystemInformation [0xB0FF3BE8]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA918BFE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendProcess [0xB0FF3944]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendThread [0xB0FF38A6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSystemDebugControl [0xB0FF3DAC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateProcess [0xB0FF7FB6]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateThread [0xB0FF8402]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwWriteVirtualMemory [0xB0FF35E4]
INT 0x62 ? 8A761BF8
INT 0x73 ? 8A761BF8
INT 0x82 ? 8A761BF8
INT 0xB4 ? 8A1C1F00
INT 0xB4 ? 8A1C1F00
INT 0xB4 ? 8A1C1F00
INT 0xB4 ? 8A1C1F00
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2F90 8050482C 4 Bytes CALL 9901476C
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC4 80504860 12 Bytes [44, 39, FF, B0, A6, 38, FF, ...]
? spdp.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B96B78AC 5 Bytes JMP 8A1C14E0
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\A-squared\a2service.exe[608] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00454E05 C:\Program Files\A-squared\a2service.exe (a-squared Service/Emsi Software GmbH)
.text C:\WINDOWS\system32\SearchIndexer.exe[2480] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E352046 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FC7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35200B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F53 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F8D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxIndirectParamA 7E456D7D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352081 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E352243 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 78FDCFC5 C:\WINDOWS\system32\vhmtgdbwtnl.dll
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 60031E20 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateEvent + 5 7C90D093 5 Bytes JMP 60031F42 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 60031E52 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateKey + 5 7C90D0F3 5 Bytes JMP 60032050 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateMutant + 5 7C90D113 5 Bytes JMP 60031F4C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 6003203C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 60031E7A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateSection + 5 7C90D183 5 Bytes JMP 60031E2A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 6003200A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtDeleteKey + 5 7C90D253 5 Bytes JMP 60031FF6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtDeleteValueKey + 5 7C90D273 5 Bytes JMP 60031FEC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 60031FA6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtLoadDriver + 5 7C90D473 5 Bytes JMP 60031F38 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 60031E3E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtOpenFile + 5 7C90D5A3 5 Bytes JMP 60032000 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtOpenKey + 5 7C90D5D3 5 Bytes JMP 6003205A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 60032032 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtOpenSection + 5 7C90D633 5 Bytes JMP 60031E34 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 60032046 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtSetInformationFile + 5 7C90DC63 5 Bytes JMP 60031FE2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 60031E84 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 60031FD8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 60031E48 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtWriteFile + 5 7C90DF83 5 Bytes JMP 60031F9C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 6003201E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!RtlCreateProcessParameters 7C922E99 1 Byte [E9]
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ntdll.dll!RtlCreateProcessParameters 7C922E99 5 Bytes JMP 60031ECA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 60031EA2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 60031F10 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 60031F92 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 60031EFC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 60031EC0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 60031EB6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 60032064 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 60031F24 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 60031ED4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 60031EE8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 60031E5C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 60031EAC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 60032078 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 60031EF2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 60031E8E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 60031E98 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 60032014 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 6003206E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 60031F2E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 60031FB0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 60031EDE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 60031E70 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 60031E66 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!PulseEvent 7C82C06E 5 Bytes JMP 60032082 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 60031F88 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 60031FBA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateDirectoryW 7C832402 5 Bytes JMP 60031FC4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CheckRemoteDebuggerPresent 7C85AAF2 5 Bytes JMP 60031F56 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 1 Byte [E9]
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 60031FCE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 60031F1A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 60032028 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 60031F06 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 60031F74 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 60031F7E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 60031F60 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 60031F6A C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 600320A0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 600320B4 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 6003208C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 60032096 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 600320BE C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 600320AA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 600320C8 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 600320D2 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 600320F0 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 6003210E C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 600320FA C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 60032122 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 60032118 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 600320DC C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 600320E6 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 60032104 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 60032136 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 60032140 C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 6003212C C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender Active Virus Control Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spdp.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spdp.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spdp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spdp.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spdp.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\Explorer.EXE[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01802DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01802DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Rar$EX10.922\gmer.exe[2984] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A6F01F8
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
Device \FileSystem\Fastfat \FatCdrom 89B79500
AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\usbohci \Device\USBPDO-0 8A317500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7621F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A7621F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A7621F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A7621F8
Device \Driver\usbohci \Device\USBPDO-1 8A317500
Device \Driver\usbehci \Device\USBPDO-2 8A2D5500
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6F31F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6F31F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\Cdrom \Device\CdRom0 8A1AD500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6F31F8
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
Device \Driver\Cdrom \Device\CdRom1 8A1AD500
Device \Driver\usbstor \Device\00000090 898A8500
Device \Driver\NetBT \Device\NetBt_Wins_Export 89D371F8
Device \Driver\usbstor \Device\00000091 898A8500
Device \Driver\NetBT \Device\NetbiosSmb 89D371F8
Device \Driver\usbstor \Device\00000092 898A8500
Device \Driver\usbstor \Device\00000085 898A8500
Device \Driver\usbstor \Device\00000093 898A8500
Device \Driver\usbstor \Device\00000087 898A8500
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\usbstor \Device\00000089 898A8500
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
Device \Driver\usbohci \Device\USBFDO-0 8A317500
Device \Driver\usbohci \Device\USBFDO-1 8A317500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89D281F8
Device \Driver\usbehci \Device\USBFDO-2 8A2D5500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89D281F8
Device \Driver\Ftdisk \Device\FtControl 8A6F31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{3DDD79D0-1109-4A92-89CF-1C9AAA581CA8} 89D371F8
Device \FileSystem\Fastfat \Fat 89B79500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
Device \FileSystem\Cdfs \Cdfs 89B01500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\EULZMGA0\background_gradientCA7YOHKN 453 bytes
File C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\KGKCIJLM\ErrorPageTemplateCANVIIW1 2168 bytes
---- EOF - GMER 1.0.15 ----